From: Jim Warner Date: Sat, 7 Oct 2017 05:00:00 +0000 (-0500) Subject: top: eliminate that potential vulnerability for TOCTOU X-Git-Tag: v4.0.0~681 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a02a31f7e9b50230a2f1bfbf2fb43336c0df0e9a;p=procps-ng top: eliminate that potential vulnerability for TOCTOU Initially, I was going to ignore that coverity warning CID #177876. But, since top may be running SETUID it's best if it can be avoided instead. The fix was simple. We'll trade the access() call for a real fopen() call. This time-of-check-time-of-use warning should go away. ------------------------------------------------------ When XDG support was originally introduced in top, the author made a poor choice in access(). A real question that needed asking was 'does the file exist'. However, the question that was asked was 'can this real user ID or this real group ID access the file'. Then, when the fopen() is finally issued, top would use the effective user ID or the effective group ID to access that file. That's what opened the potential TOCTOU vulnerability, which was important only if top was running SUID/SGID. Signed-off-by: Jim Warner --- diff --git a/top/top.c b/top/top.c index 178db183..42ead573 100644 --- a/top/top.c +++ b/top/top.c @@ -3188,7 +3188,7 @@ static void configs_read (void) { p_home = "."; snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p_home, Myname); - if (access(Rc_name, F_OK)) { + if (!(fp = fopen(Rc_name, "r"))) { p = getenv("XDG_CONFIG_HOME"); // ensure the path we get is absolute, fallback otherwise. if (!p || p[0] != '/') { @@ -3198,9 +3198,9 @@ static void configs_read (void) { snprintf(Rc_name, sizeof(Rc_name), "%s/procps", p); (void)mkdir(Rc_name, 0700); snprintf(Rc_name, sizeof(Rc_name), "%s/procps/%src", p, Myname); + fp = fopen(Rc_name, "r"); } - fp = fopen(Rc_name, "r"); if (fp) { int tmp_whole, tmp_fract; if (fgets(fbuf, sizeof(fbuf), fp)) // ignore eyecatcher