http://hub.opensolaris.org/bin/view/Community+Group+security/funclist
hasn't kept up with all the latest libc changes.   Can someone either
make the following updates or give me write privs so I can make them?

(Comments, corrections or suggestions for other changes are also welcome.)

gets() - getline(3C) is a new alternative in the Solaris 11 libc.

open() - In Solaris 11 and later, consider including O_CLOEXEC in the
         open flags, to set the close-on-exec mode atomically when the
         file is opened, not leaving a race condition in multithreaded
         programs if another thread forks/execs between the calls to
         open() & fcntl(..., FD_CLOEXEC);

lstat() - Add fstatat() to the AVOID list, since it also operates on
          pathnames.   (The f refers to the file descriptor for the
          directory used for relative path resolution of the provided
          pathname.)

chmod() - Add fchmodat() to the AVOID list, same reason as above.

chdir() - Add to alternatives:   For multithreaded programs, Solaris 11
          has added the POSIX 2008 *at() versions of functions (openat(),
          linkat(), mkdirat(), mkfifoat(), readlinkat(), symlinkat(), etc.)
          which take the file descriptor of a directory as the first
          argument, to use as the working directory for relative paths,
          to avoid the race condition when one thread calls chdir() while
          another is calling open(), unlink(), etc.

chroot() - Add to alternatives:  Run in a zone.

sprintf() - asprintf(3C) is a new alternative in the Solaris 11 libc, which
           prevents buffer overflow by allocating a new buffer of the correct
           size.

mkdir()  - Add mkdirat() and mknodat() to the list of functions covered by
           this note.

mktemp() - Add mkdtemp() to alternatives when a directory needs to be made
           instead of a file.

-- 
        -Alan Coopersmith-              [email protected]
         Oracle Solaris Engineering - http://blogs.oracle.com/alanc
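The fd-relative pattern the message recommends (mkdtemp() for a scratch directory, openat()/fstatat()/unlinkat() against a directory descriptor instead of the process cwd, and O_CLOEXEC set at open time rather than by a later fcntl()), worked through as an added C example; this is not code from the email or from the OpenSolaris funclist. It assumes a POSIX 2008 libc (glibc or Solaris 11 libc) and a writable /tmp; the path template, file name and payload are constructed for the demo.

```c
#define _GNU_SOURCE          /* glibc: expose openat(), fstatat(), mkdtemp(), O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Create a private scratch directory with mkdtemp(), open it once, and do all
 * further work relative to that directory fd. Returns the directory fd or -1.
 * `path_out` receives the chosen path (constructed template under /tmp). */
int open_scratch_dir(char *path_out, size_t len)
{
    if (len < sizeof("/tmp/scratch.XXXXXX")) return -1;
    strcpy(path_out, "/tmp/scratch.XXXXXX");   /* mkdtemp() rewrites the Xs */
    if (mkdtemp(path_out) == NULL) return -1;
    /* O_DIRECTORY: fail unless it is a directory; O_CLOEXEC: no leak across exec */
    return open(path_out, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Create `name` inside dirfd with close-on-exec set atomically at open time,
 * so no other thread can fork()+exec() between open() and fcntl(FD_CLOEXEC).
 * O_EXCL refuses to follow a pre-existing entry of that name. */
int create_in_dir(int dirfd, const char *name)
{
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
}

/* Returns 1 if FD_CLOEXEC is set on fd, 0 if not, -1 on error. */
int has_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Size of `name` relative to dirfd, resolved without depending on the process
 * cwd. AT_SYMLINK_NOFOLLOW gives lstat() semantics. Returns -1 on error. */
long size_in_dir(int dirfd, const char *name)
{
    struct stat st;
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) == -1) return -1;
    return (long)st.st_size;
}

/* Full round trip: create, write, stat and remove a file purely through the
 * directory fd. Returns the verified byte count (24 for the sample), -1 on failure. */
long demo_roundtrip(void)
{
    char dir[64];
    const char payload[] = "constructed sample data\n";   /* 24 bytes */
    long result = -1;

    int dirfd = open_scratch_dir(dir, sizeof dir);
    if (dirfd == -1) return -1;

    int fd = create_in_dir(dirfd, "note.txt");
    if (fd != -1 && has_cloexec(fd) == 1 && has_cloexec(dirfd) == 1 &&
        write(fd, payload, sizeof payload - 1) == (ssize_t)(sizeof payload - 1)) {
        result = size_in_dir(dirfd, "note.txt");
    }
    if (fd != -1) close(fd);
    unlinkat(dirfd, "note.txt", 0);     /* remove relative to dirfd, not cwd */
    close(dirfd);
    rmdir(dir);
    return result;
}

int main(void)
{
    long n = demo_roundtrip();
    printf("roundtrip bytes: %ld\n", n);
    return n == 24 ? 0 : 1;
}
```

Because every path operation after the first open() goes through dirfd, a concurrent chdir() in another thread cannot redirect the file accesses, and has_cloexec() confirms that both descriptors were created with the flag already set rather than patched afterwards.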
_______________________________________________
security-discuss mailing list
[email protected]
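The two dynamically sized alternatives named in the message, asprintf(3C) in place of sprintf() and getline(3C) in place of gets(), as an added C example that is not code from the email or from the funclist page. It assumes a libc providing asprintf(), getline() and fmemopen() (glibc or Solaris 11); the sample input is constructed.

```c
#define _GNU_SOURCE          /* glibc: expose asprintf(), getline(), fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed input: the second line is far longer than a small fixed buffer,
 * exactly the case where gets() into a char[16] would overflow. */
static const char SAMPLE_INPUT[] =
    "short\n"
    "this line is much longer than a small fixed buffer would hold\n"
    "end\n";

/* sprintf() replacement: asprintf() measures the formatted output and
 * allocates a buffer of the correct size, so no caller-sized buffer can be
 * overrun. Returns a malloc()ed string the caller frees, or NULL on failure. */
char *build_greeting(const char *user, unsigned long uid)
{
    char *out = NULL;
    if (asprintf(&out, "user=%s uid=%lu", user, uid) < 0) return NULL;
    return out;
}

/* Convenience for checking: length of the greeting that would be produced. */
size_t greeting_len(const char *user, unsigned long uid)
{
    char *g = build_greeting(user, uid);
    size_t n = g ? strlen(g) : 0;
    free(g);
    return n;
}

/* gets() replacement: getline() grows the buffer to fit the line, however
 * long it is. Strips the trailing newline. Returns the line or NULL at EOF;
 * the caller frees it. */
char *read_line(FILE *fp)
{
    char *line = NULL;
    size_t cap = 0;
    ssize_t n = getline(&line, &cap, fp);
    if (n < 0) { free(line); return NULL; }
    if (n > 0 && line[n - 1] == '\n') line[n - 1] = '\0';
    return line;
}

/* Reads every line of `sample` via read_line(), reporting the line count and
 * returning the longest line length (61 for SAMPLE_INPUT). */
size_t longest_line_len(const char *sample, size_t *line_count)
{
    FILE *fp = fmemopen((void *)sample, strlen(sample), "r");
    size_t longest = 0, count = 0;
    char *line;
    if (fp == NULL) { *line_count = 0; return 0; }
    while ((line = read_line(fp)) != NULL) {
        size_t len = strlen(line);
        if (len > longest) longest = len;
        count++;
        free(line);
    }
    fclose(fp);
    *line_count = count;
    return longest;
}

int main(void)
{
    size_t count = 0;
    size_t longest = longest_line_len(SAMPLE_INPUT, &count);
    char *g = build_greeting("alice", 1000UL);
    printf("%zu lines, longest %zu bytes; greeting: %s\n", count, longest, g ? g : "(null)");
    free(g);
    return 0;
}
```

The trade-off is that both functions allocate, so every returned pointer must be freed and a NULL return (allocation failure) must be handled; that is the cost of removing the caller's guess about buffer size.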