Non-Compliant Code Example

Compliant Code Example (POSIX)

Device files in UNIX can be a major security hazard when an attacker is able to access them in an unauthorized way. For instance, if attackers can read or write to the /dev/kmem device, they may be able to alter the priority, UID, or other attributes of their process, or simply crash the system. Similarly, access to disk devices, tape devices, network devices, and terminals being used by others can all lead to problems [Garfinkel 96].

On Linux, certain applications can be locked up by getting them to open devices rather than files, for example:

/dev/mouse
/dev/console
/dev/tty0
/dev/zero
etc.

A web browser that failed to check for these devices would allow an attacker to create a website with image tags such as <IMG SRC=file:///dev/mouse> that would lock the user's mouse.

Programmers can use the POSIX stat() function to obtain information about a named file, and the S_ISREG() macro to determine if the file is a regular file.

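#include <sys/stat.h>

struct stat s;

/* stat() returns 0 on success and fills in s for the named file */
if (stat(filename, &s) == 0) {
  /* S_ISREG() is true only for regular files, so devices are skipped */
  if (S_ISREG(s.st_mode)) {
    /* operate on file */
  }
}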
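
The stat() check above examines a file name, so the object behind that name can change before the program opens it. The following added example (not part of the original page) opens first with O_NONBLOCK and then applies the same S_ISREG() test to the descriptor with fstat(); the helper name open_regular_file and the choice of EINVAL for rejected files are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (the name is an assumption, not from the page).
 * Returns a read-only descriptor only if path is a regular file;
 * otherwise returns -1 with errno set. */
int open_regular_file(const char *path) {
  struct stat s;

  /* O_NONBLOCK: open() must not hang on a FIFO or device.
   * O_NOCTTY: a terminal device must not become the controlling tty. */
  int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
  if (fd == -1) {
    return -1;
  }

  /* fstat() reports on the object that was actually opened. */
  if (fstat(fd, &s) == -1) {
    int saved = errno;
    close(fd);
    errno = saved;
    return -1;
  }
  if (!S_ISREG(s.st_mode)) {
    close(fd);
    errno = EINVAL; /* assumed error code for "not a regular file" */
    return -1;
  }
  return fd;
}

int main(int argc, char **argv) {
  /* Report on each path given on the command line. */
  for (int i = 1; i < argc; i++) {
    int fd = open_regular_file(argv[i]);
    printf("%s: %s\n", argv[i], fd >= 0 ? "regular file" : "rejected");
    if (fd >= 0) {
      close(fd);
    }
  }
  return EXIT_SUCCESS;
}
```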

...