harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hindess <mark.hind...@googlemail.com>
Subject Re: [classlib] File.createNewFile(...)
Date Fri, 21 Sep 2007 10:41:06 GMT

On 21 September 2007 at 9:27, Tim Ellison <t.p.ellison@gmail.com> wrote:
> Mark Hindess wrote:
> > The security section of the excellent Linux Weekly News (http://lwn.net)
> > this week has an article about "Exploiting symlinks and tmpfiles".
> > After reading it, I thought I'd take a look at the Harmony natives.  I
> > am beginning to wish I hadn't ...
> Well I'm glad that you did :-)
> <big snip/>

> > I have a patch for the unix now and I don't think it is as complicated
> > on windows but I'm just getting someone to check the patch before
> > committing it.
> After reading through your exploits it seems (a) surprising about the
> apparent inconsistency in the OS APIs, and (b) right to fix the current
> harmony behavior to avoid miscreant's taking advantage of it.

Fixed in r578050.  There was a minor complication on windows but Paulex
resolved that[0].

It also means we avoid doing a stat on every file open on unix now which
can't be a bad thing.  (We still do it on read only open calls though
since that can't be avoided without causing incorrect behaviour.)


[0] I had HyOpenCreate and HyOpenCreateNew in the flags but these are
    supposed to be mutually exclusive.  On unix it did what I meant but
    due to ordering differences it didn't on windows.

View raw message