DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 18:05:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

util: don't open symlink when appending to file

Browse Source 
When opening a file for appending (i.e. a log file), use the O_NOFOLLOW
flag to get an error if the path is a symlink. Opening log files through
symlinks is no longer supported.

This is a protection against symlink attacks if chronyd is misconfigured
to write a log in a world-writable directory (e.g. /tmp). That is not
meant to become a recommended practice. Log messages will be lost, or
chronyd won't start, if a symlink exists at the location of the log
file.
This commit is contained in:
Miroslav Lichvar
2020-08-25 09:39:59 +02:00
parent 9d88c028e2
commit 79b348f075
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
util.c
View File

@@ -1236,7 +1236,7 @@ UTI_OpenFile(const char *basedir, const char *name, const char *suffix,
break;
case 'a':
case 'A':
flags = O_WRONLY | O_CREAT | O_APPEND;
flags = O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW;
file_mode = "a";
break;
default: