Fix a security problem where the ktrace.out file could have been written

over a file owned by someone else. Pointed out by: wosch Reviewed by: sef, imp, proff@suburbia.net, bde
svn path=/head/; revision=23894
1997-03-15 10:39:12 +00:00 · 1997-03-15 10:39:12 +00:00 · 9bedbe6c7d · 2020-12-20 02:59:44 +00:00
commit 9bedbe6c7d
parent f9ce14711a
2 changed files with 16 additions and 5 deletions
--- a/usr.bin/ktrace/ktrace.1
+++ b/usr.bin/ktrace/ktrace.1
@ -75,7 +75,7 @@ to decode it.
 The options are as follows:
 .Bl -tag -width indent
 .It Fl a
-Append to the trace file instead of truncating it.
+Append to the trace file instead of recreating it.
 .It Fl C
 Disable tracing on all user owned processes, and, if executed by root, all
 processes in the system.
--- a/usr.bin/ktrace/ktrace.c
+++ b/usr.bin/ktrace/ktrace.c
@ -42,7 +42,7 @@ static char copyright[] =
 static char sccsid[] = "@(#)ktrace.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id$";
+	"$Id: ktrace.c,v 1.8 1997/02/22 19:55:27 peter Exp $";
 #endif /* not lint */

 #include <sys/param.h>
@ -72,6 +72,7 @@ main(argc, argv)
 	int append, ch, fd, inherit, ops, pid, pidset, trpoints;
 	char *tracefile;
 	mode_t omask;
+	struct stat sb;

 	clear = NOTSET;
 	append = ops = pidset = inherit = 0;
@ -140,9 +141,19 @@ main(argc, argv)
 	}

 	omask = umask(S_IRWXG|S_IRWXO);
-	if ((fd = open(tracefile, O_CREAT | O_WRONLY | (append ? 0 : O_TRUNC),
-	    DEFFILEMODE)) < 0)
-		err(1, tracefile);
+	if (append) {
+		if ((fd = open(tracefile, O_CREAT | O_WRONLY, DEFFILEMODE)) < 0)
+			err(1, tracefile);
+		if (fstat(fd, &sb) != 0 || sb.st_uid != getuid())
+			errx(1, "Refuse to append to %s not owned by you.",
+			    tracefile);
+	} else {
+		if (unlink(tracefile) == -1 && errno != ENOENT)
+			err(1, "unlink %s", tracefile);
+		if ((fd = open(tracefile, O_CREAT | O_EXCL | O_WRONLY,
+		    DEFFILEMODE)) < 0)
+			err(1, tracefile);
+	}
 	(void)umask(omask);
 	(void)close(fd);