Alan, IMO a F_DUPFD_CLOEXEC would be useful, too. Olga
On Sat, Jun 16, 2012 at 6:13 AM, Alan Coopersmith <[email protected]> wrote: > http://hub.opensolaris.org/bin/view/Community+Group+security/funclist > hasn't kept up with all the latest libc changes. Can someone either > make the following updates or give me write privs so I can make them? > > (Comments, corrections or suggestions for other changes are also welcome.) > > gets() - getline(3C) is a new alternative in the Solaris 11 libc. > > open() - In Solaris 11 and later, consider including O_CLOEXEC in the > open flags, to set the close-on-exec mode atomically when the > file is opened, not leaving a race condition in multithreaded > programs if another thread forks/execs between the calls to > open() & fcntl(..., FD_CLOEXEC); > > lstat() - Add fstatat() to the AVOID list, since it also operates on > pathnames. (The f refers to the file descriptor for the > directory used for relative path resolution of the provided > pathname.) > > chmod() - Add fchmodat() to the AVOID list, same reason as above. > > chdir() - Add to alternatives: For multithreaded programs, Solaris 11 > has added the POSIX 2008 *at() versions of functions (openat(), > linkat(), mkdirat(), mkfifoat(), readlinkat(), symlinkat(), etc.) > which take the file descriptor of a directory as the first > argument, to use as the working directory for relative paths, > to avoid the race condition when one thread calls chdir() while > another is calling open(), unlink(), etc. > > chroot() - Add to alternatives: Run in a zone. > > sprintf() - asprintf(3C) is a new alternative in the Solaris 11 libc, which > prevents buffer overflow by allocating a new buffer of the correct > size. > > mkdir() - Add mkdirat() and mknodat() to the list of functions covered by > this note. > > mktemp() - Add mkdtemp() to alternatives when a directory needs to be made > instead of a file. > > -- > -Alan Coopersmith- [email protected] > Oracle Solaris Engineering - http://blogs.oracle.com/alanc > _______________________________________________ > security-discuss mailing list > [email protected] -- , _ _ , { \/`o;====- Olga Kryzhanovska -====;o`\/ } .----'-/`-/ [email protected] \-`\-'----. `'-..-| / http://twitter.com/fleyta \ |-..-'` /\/\ Solaris/BSD//C/C++ programmer /\/\ `--` `--` _______________________________________________ security-discuss mailing list [email protected]
