Hacking Linux Exposed

About
Authors
Contents
Reviews
Foreword
Purchase

Articles
Books
Sourcecode
Tools
Errata

Home

 


(view this code in a separate window)

#!/usr/bin/perl
#
# raceForward
#
# An example program vulnerable to multiple race conditions.
#
# Copyright 2002, Bri Hatch
#
# Released under the GPL.  See COPYING file
# for more information.
# #

($username, $email) = @ARGV;

$FILE = "/home/$username/.forward";

# Get user info
($uid,$gid) = (getpwnam($username))[2,3]
   or die "No such user $username";

# Check to see if file is in good shape.
if ( ($fileuid) = (stat $FILE)[4] ) {
	unless ( $fileuid == $uid ) {
		die "Something is amiss with ${username}'s .forward.";
	}
} else {
	# Make sure it's not a dangling symlink too!
	if ( ($fileuid) = (lstat $FILE)[4] ) {
		die "Whoa - dangling symlink! Trickery suspected!"
	}
}

# Race condition - what if file was changed
# between the tests above and this open?
open FORWARD, ">$FILE" or die;
print FORWARD "$email\n";
close FORWARD;

# More race conditions - what if file opened above
# is changed before chown or chmod?
chown $uid,$gid, $FILE or warn "Whoa, can't chown it."
chmod 0600, $FILE or warn "Can't chmod the file."