[Mono-bugs] [Bug 77340][Maj] Changed - Local user can overwrite arbitrary file using mono-service

[bugzilla-daemon at bugzilla.ximian.com]

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by pawel.sakowski at mindbreeze.com.

http://bugzilla.ximian.com/show_bug.cgi?id=77340

--- shadow/77340	2006-11-16 10:42:42.000000000 -0500
+++ shadow/77340.tmp.17662	2006-12-14 12:36:19.000000000 -0500
@@ -116,6 +116,31 @@
 non-root is still permitted to create such a link, and I can't imagine
 that O_NOFOLLOW can prevent opening such a file.
 
 Go ahead and try your solution out using "Steps to reproduce the
 problem" (with and without -s). They're 100% reproducible, so you will
 know instantly what works and what does not.
+
+------- Additional Comments From pawel.sakowski at mindbreeze.com  2006-12-14 12:36 -------
+I took a closer look at Miguel's O_EXCL solution. I was sort of
+misleaded before, but O_EXCL in conjunction with O_CREAT actually does
+seem to prevent link attacks.
+
+However, using O_CREAT|O_EXCL triggers another issue. A stale lock
+file prevents starting the service -- always fails. Earlier, the open
+would have succeeded and (as long as the file isn't opened by another
+service instance, as determined with lockf) the service would start
+successfully (and unlink the pid file on termination).
+
+Steps to reproduce #1:
+1. touch $F
+2. mono-service -l:$F foo.exe
+
+Steps to reproduce #2:
+1. mono-service foo.exe
+2. kill -9 <pid of foo>
+3. mono-service foo.exe
+
+Expected results: find out that the service isn't actually running
+(although pid file exists) and start successfully
+
+Actual results: "mono: foo.exe: Log file already exists"