From a02a31f7e9b50230a2f1bfbf2fb43336c0df0e9a Mon Sep 17 00:00:00 2001 From: Jim Warner Date: Sat, 7 Oct 2017 00:00:00 -0500 Subject: [PATCH] top: eliminate that potential vulnerability for TOCTOU Initially, I was going to ignore that coverity warning CID #177876. But, since top may be running SETUID it's best if it can be avoided instead. The fix was simple. We'll trade the access() call for a real fopen() call. This time-of-check-time-of-use warning should go away. ------------------------------------------------------ When XDG support was originally introduced in top, the author made a poor choice in access(). A real question that needed asking was 'does the file exist'. However, the question that was asked was 'can this real user ID or this real group ID access the file'. Then, when the fopen() is finally issued, top would use the effective user ID or the effective group ID to access that file. That's what opened the potential TOCTOU vulnerability, which was important only if top was running SUID/SGID. Signed-off-by: Jim Warner --- top/top.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/top/top.c b/top/top.c index 178db183..42ead573 100644 --- a/top/top.c +++ b/top/top.c @@ -3188,7 +3188,7 @@ static void configs_read (void) { p_home = "."; snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p_home, Myname); - if (access(Rc_name, F_OK)) { + if (!(fp = fopen(Rc_name, "r"))) { p = getenv("XDG_CONFIG_HOME"); // ensure the path we get is absolute, fallback otherwise. if (!p || p[0] != '/') { @@ -3198,9 +3198,9 @@ static void configs_read (void) { snprintf(Rc_name, sizeof(Rc_name), "%s/procps", p); (void)mkdir(Rc_name, 0700); snprintf(Rc_name, sizeof(Rc_name), "%s/procps/%src", p, Myname); + fp = fopen(Rc_name, "r"); } - fp = fopen(Rc_name, "r"); if (fp) { int tmp_whole, tmp_fract; if (fgets(fbuf, sizeof(fbuf), fp)) // ignore eyecatcher