...
This enables the program to recognize if an attacker has switched files on the program in between the first close() and the second open(). The program does not recognize if the file has been modified in-place, however.
...
The structure members st_mode, st_ino, st_dev, st_uid, st_gid, st_atime, st_ctime, and st_mtime should all have meaningful values for all file types on POSIX-compliant systems. The st_ino field contains the file serial number. The st_dev field identifies the device containing the file. The st_ino and st_dev, taken together, uniquely identify the file. The st_dev value is not necessarily consistent across reboots or system crashes, however, so you may not be able to use this field for file identification if there is a possibility of a system crash or reboot before you attempt to reopen a file.
...
In this compliant solution, the file is opened using the open() function. If the file is successfully opened, the fstat() function is used to read information about the file into the stat structure. This information is compared with existing information about the user (obtained by the getuid(2) and getgid(2) functions.)
| Code Block | ||
|---|---|---|
| ||
struct stat st;
int fd = -1;
/* open file for reading */
if ((fd = open(file_name, O_RDONLY)) == -1) {
/* Handle Error */
}
if ((fstat(fd, &st) == -1) |
(st.st_uid != getuid()) ||
(st.st_gid != getgid())) {
/* File does not belong to user */
}
/* Read from file */
close(fd);
fd = -1;
|
...