[mythtv-commits] Ticket #4822: potentially exploitable file race in mythcdrom-linux.cpp
MythTV
mythtv at cvs.mythtv.org
Mon Mar 3 16:24:32 UTC 2008
#4822: potentially exploitable file race in mythcdrom-linux.cpp
---------------------------------------------+------------------------------
Reporter: Erik Hovland <erik at hovland.org> | Owner: ijr
Type: defect | Status: new
Priority: minor | Milestone: 0.21
Component: mythtv | Version: 0.21-fixes
Severity: low | Mlocked: 0
---------------------------------------------+------------------------------
The summary makes it sound more threatening then it is. But an attack
could be made in mythcdrom-linux.cpp in the member function
MythCDROMLinux::setSpeed(). The function makes a stat call using the
string name of the cdrom device file and then an open using that same
string. It is possible for the caller to get a good stat on a file with
that filename and then switch the underlying file to something of their
liking before the open call is made. It would be safer if the function
tried the open, then did and fstat on the file descriptor.
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/4822>
MythTV <http://svn.mythtv.org/trac>
MythTV
More information about the mythtv-commits
mailing list