CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/07/21 13:07:13
Modified files:
libexec/security: security
Log message:
When reading untrusted user files, don't risk blocking, such that
users can't mount a DoS attack against security(8), and for additional
safety against race attacks, make sure they are regular files after
opening and before actually reading them.
Issue originally hinted at by Sevan Janiyan <venture37 at
geeklan dot com dot uk> based on a NetBSD commit message,
then commented on by tedu@, problem finally confirmed by guenther@,
who also provided feedback on the actual patch.
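
The pattern the log message describes (open without risking a block, then confirm on the open descriptor that it is a regular file before reading), as an added Python example. It is not the code from this commit; the function names, the size cap and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile

MAX_BYTES = 1 << 20  # assumed cap on how much of a user-controlled file is read


def read_untrusted(path, limit=MAX_BYTES):
    """Return the file's bytes, or None if it cannot be opened or is not a regular file."""
    # O_NONBLOCK: opening a FIFO that has no writer returns immediately
    # instead of hanging the checker until someone writes to it.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        # fstat() the descriptor, not the path: the check then applies to the
        # object that was actually opened, so replacing the path afterwards
        # (the race the log message mentions) cannot change the answer.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return None
        with os.fdopen(fd, "rb", closefd=False) as fh:
            return fh.read(limit)
    finally:
        os.close(fd)


def demo():
    """Run the check over constructed sample inputs in a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        regular = os.path.join(d, "regular.txt")
        fifo = os.path.join(d, "trap.fifo")
        with open(regular, "wb") as fh:
            fh.write(b"sample\n")
        os.mkfifo(fifo)  # a plain blocking open() of this would never return
        return {
            "regular": read_untrusted(regular),
            "fifo": read_untrusted(fifo),
            "directory": read_untrusted(d),
            "missing": read_untrusted(os.path.join(d, "absent")),
        }


if __name__ == "__main__":
    for kind, result in demo().items():
        print(kind, result)
```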