On Sat, Oct 21, 2006 at 05:52:29PM -0400, Mike Frysinger wrote: > redhat put together a patch for cpio-2.6 where it would run fchmod() on the > output fd rather than closing the fd and doing chmod() on the filename ... > the reason for this being the race condition between opening the file and > chmod ...
This particular race is also known as CAN-2005-1111, but there are more known races. I submitted two patches almost a year ago (https://savannah.gnu.org/patch/?4006 and https://savannah.gnu.org/patch/?4007) with fixes... -- ldv
pgpEgSne8rpww.pgp
Description: PGP signature
_______________________________________________ Bug-cpio mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-cpio
