Showing content from https://github.com/golang/glog/compare/v1.2.2...v1.2.4 below:

Comparing v1.2.2...v1.2.4 · golang/glog · GitHub

This prevents an attack like the one described
[here](https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File#:~:text=On%20Unix%20based,with%20elevated%20permissions.).
An unprivileged attacker could use symlinks to trick a privileged
logging process to follow a symlink from the log dir and write logs over
an arbitrary file.

The components of the log names are program, host, username, tag, date,
time and PID. These are all predictable. It's not at all unusual for the
logdir to be writable by unprivileged users, and one of the fallback
directories (/tmp) traditionally has broad write privs with the sticky
bit set on Unix systems.

As a concrete example, let's say I've got a glog-enabled binary running
as a root cronjob. I can gauge when that cron job will run and then use
a bash script to spray the log dir with glog-looking symlinks to
`/etc/shadow` with predicted times and PIDs. When the cronjob runs, the
`os.Create` call will follow the symlink, truncate `/etc/shadow` and
then fill it with logs.

This change defeats that by setting `O_EXCL`, which will cause the open
call to fail if the file already exists.

Fixes CVE-2024-45339

cl/712795111 (google-internal)
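
The effect of `O_EXCL` described in the commit message, as an added example that is not code from the glog repository. It assumes a Unix-like system; the file names, the `demo` helper and the temp directory layout are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// createFollow is the behaviour the commit message describes as exploitable:
// os.Create opens with O_RDWR|O_CREATE|O_TRUNC and follows a symlink.
func createFollow(name string) (*os.File, error) { return os.Create(name) }

// createExcl adds O_EXCL, so the open fails if the name already exists;
// a symlink at that name counts as existing and is not followed.
func createExcl(name string) (*os.File, error) {
	return os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_EXCL, 0666)
}

// refused reports whether the open was rejected because the name existed.
func refused(err error) bool { return errors.Is(err, fs.ErrExist) }
func must(err error)         { if err != nil { panic(err) } }

// demo pre-creates a symlink at a predictable log name inside a temp dir
// and returns the link target's contents after the open attempt.
func demo(open func(string) (*os.File, error)) (string, error) {
	dir, err := os.MkdirTemp("", "excl-demo")
	must(err)
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "target.txt")               // stand-in for a sensitive file
	logName := filepath.Join(dir, "prog.host.user.log.INFO") // constructed log name
	must(os.WriteFile(target, []byte("original\n"), 0600))
	must(os.Symlink(target, logName))
	f, openErr := open(logName)
	if openErr == nil {
		fmt.Fprintln(f, "log line")
		f.Close()
	}
	data, _ := os.ReadFile(target)
	return string(data), openErr
}

func main() {
	a, err := demo(createFollow)
	fmt.Printf("os.Create: target=%q refused=%v\n", a, refused(err))
	b, err := demo(createExcl)
	fmt.Printf("O_EXCL:    target=%q refused=%v\n", b, refused(err))
}
```

With `O_EXCL` the caller has to handle the "already exists" error, for example by picking a different name or failing the log rotation.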
