top: eliminate that potential vulnerability for TOCTOU

Initially, I was going to ignore that coverity warning
CID #177876. But, since top may be running SETUID it's
best if it can be avoided instead. The fix was simple.

We'll trade the access() call for a real fopen() call.
This time-of-check-time-of-use warning should go away.
------------------------------------------------------

When XDG support was originally introduced in top, the
author made a poor choice in access(). A real question
that needed asking was 'does the file exist'. However,
the question that was asked was 'can this real user ID
or this real group ID access the file'. Then, when the
fopen() is finally issued, top would use the effective
user ID or the effective group ID to access that file.

That's what opened the potential TOCTOU vulnerability,
which was important only if top was running SUID/SGID.

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Jim Warner 2017-10-07 00:00:00 -05:00 committed by Craig Small
parent 0f5d503103
commit 1ba0e999c6

View File

@ -3633,7 +3633,7 @@ static void configs_read (void) {
p_home = "."; p_home = ".";
snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p_home, Myname); snprintf(Rc_name, sizeof(Rc_name), "%s/.%src", p_home, Myname);
if (access(Rc_name, F_OK)) { if (!(fp = fopen(Rc_name, "r"))) {
p = getenv("XDG_CONFIG_HOME"); p = getenv("XDG_CONFIG_HOME");
// ensure the path we get is absolute, fallback otherwise. // ensure the path we get is absolute, fallback otherwise.
if (!p || p[0] != '/') { if (!p || p[0] != '/') {
@ -3643,9 +3643,9 @@ static void configs_read (void) {
snprintf(Rc_name, sizeof(Rc_name), "%s/procps", p); snprintf(Rc_name, sizeof(Rc_name), "%s/procps", p);
(void)mkdir(Rc_name, 0700); (void)mkdir(Rc_name, 0700);
snprintf(Rc_name, sizeof(Rc_name), "%s/procps/%src", p, Myname); snprintf(Rc_name, sizeof(Rc_name), "%s/procps/%src", p, Myname);
fp = fopen(Rc_name, "r");
} }
fp = fopen(Rc_name, "r");
if (fp) { if (fp) {
int tmp_whole, tmp_fract; int tmp_whole, tmp_fract;
if (fgets(fbuf, sizeof(fbuf), fp)) // ignore eyecatcher if (fgets(fbuf, sizeof(fbuf), fp)) // ignore eyecatcher