top: eliminate that potential vulnerability for TOCTOU

Initially, I was going to ignore that coverity warning
CID #177876. But, since top may be running SETUID it's
best if it can be avoided instead. The fix was simple.

We'll trade the access() call for a real fopen() call.
This time-of-check-time-of-use warning should go away.
------------------------------------------------------

When XDG support was originally introduced in top, the
author made a poor choice in access(). A real question
that needed asking was 'does the file exist'. However,
the question that was asked was 'can this real user ID
or this real group ID access the file'. Then, when the
fopen() is finally issued, top would use the effective
user ID or the effective group ID to access that file.

That's what opened the potential TOCTOU vulnerability,
which was important only if top was running SUID/SGID.

Signed-off-by: Jim Warner <james.warner@comcast.net>

diff --git a/top/top.c b/top/top.c
index 79721fce3042b770dfe25394e9b9e15f2f89a02b..e322808b1a44a9b43eb56eca06e55b3751a81ff3 100644 (file)
--- a/top/top.c
+++ b/top/top.c
@@ -3633,7 +3633,7 @@ static void configs_read (void) {
       p_home = ".";
    snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p_home, Myname);
 
-   if (access(Rc_name, F_OK)) {
+   if (!(fp = fopen(Rc_name, "r"))) {
       p = getenv("XDG_CONFIG_HOME");
       // ensure the path we get is absolute, fallback otherwise.
       if (!p || p[0] != '/') {
@@ -3643,9 +3643,9 @@ static void configs_read (void) {
       snprintf(Rc_name, sizeof(Rc_name), "%s/procps", p);
       (void)mkdir(Rc_name, 0700);
       snprintf(Rc_name, sizeof(Rc_name), "%s/procps/%src", p, Myname);
+      fp = fopen(Rc_name, "r");
    }
 
-   fp = fopen(Rc_name, "r");
    if (fp) {
       int tmp_whole, tmp_fract;
       if (fgets(fbuf, sizeof(fbuf), fp))       // ignore eyecatcher