Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Harden File Read From Symbolic Links #78

Open
3 tasks
zakuArbor opened this issue Jul 28, 2023 · 1 comment
Open
3 tasks

Harden File Read From Symbolic Links #78

zakuArbor opened this issue Jul 28, 2023 · 1 comment
Assignees
@zakuArbor
Labels
PAM security A Security Related Change

Comments

@zakuArbor
Copy link
Owner

zakuArbor commented Jul 28, 2023
edited
Loading

Purpose

Tasks/Goals

  • Open file with nofollow flag
  • Check if file has been tampered
  • Prevent hard links

Summary

To fill out once the issue is to be closed. Give a short summary of the changes you made to implement or fix an issue
@zakuArbor zakuArbor added PAM security A Security Related Change labels Jul 28, 2023
@zakuArbor zakuArbor self-assigned this Jul 28, 2023
@zakuArbor
Copy link
Owner Author

Checkout https://wiki.sei.cmu.edu/confluence/display/c/POS35-C.+Avoid+race+conditions+while+checking+for+the+existence+of+a+symbolic+link

Existing method is insufficient. Think about using open instead of fopen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zakuArbor zakuArbor

Labels
PAM security A Security Related Change
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zakuArbor