
Files can be identified by other attributes in addition to the file name, for example, by comparing file ownership or creation time. Comparing multiple attributes of the file improves the probability that you have correctly identified the appropriate file.

Non-Compliant Code Example

This non-compliant code example relies exclusively on the file name to identify the file.

#include <fcntl.h>
#include <unistd.h>

/* The file is identified by name only; nothing checks that the file
 * opened is the one the program intended. */
int fd = open(filename, O_RDWR);
if (fd != -1) {
   /* ... use fd ... */
}
if (fd != -1) {
   close(fd);
}

Compliant Solution (POSIX)

In this compliant solution, the file is opened using the open() function. If the file is successfully opened, the fstat() function is used to read information about the file into the stat structure. This information is compared with existing information about the file to improve identification.

#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

dev_t dev;      /* device, recorded from an earlier trusted fstat() */
ino_t ino;      /* file serial number, recorded at the same time */
struct stat st; /* filled in by fstat() on the open descriptor */
int fd = open(filename, O_RDWR);
if ( (fd != -1) &&
     (fstat(fd, &st) != -1) &&
     (st.st_ino == ino) &&
     (st.st_dev == dev)
   ) {
   /* ... use fd: it refers to the file previously identified ... */
}
if (fd != -1) {
   close(fd);
}

The structure members st_mode, st_ino, st_dev, st_uid, st_gid, st_atime, st_ctime, and st_mtime should all have meaningful values for all file types on POSIX compliant systems. The st_ino field contains the file serial number. The st_dev field identifies the device containing the file. The st_ino and st_dev fields, taken together, uniquely identify the file. The st_dev value is not necessarily consistent across reboots or system crashes, however.

It is also necessary to call the fstat() function on an already opened file, rather than calling stat() on a file name followed by open(), to ensure that the file for which the information is being collected is the same file that is opened. See [[FIO01-A]] for more information.
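The following is an added, self-contained example (not code from the original page) that carries the compliant solution through end to end: the st_dev/st_ino pair is recorded from a trusted fstat() on an open descriptor, and a later open() is only accepted after fstat() on the new descriptor reports the same pair. The names file_id, record_file_id, open_verified and demo are assumptions of this example; demo() builds its own input from two temporary files and then renames one over the other so the same path names a different file, which is the case the check is meant to catch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity of a file as recorded by a trusted earlier fstat(): st_dev + st_ino. */
struct file_id {
    dev_t dev;
    ino_t ino;
};

/* Record the identity of an already-open descriptor. Returns 0 on success, -1 on error. */
int record_file_id(int fd, struct file_id *id) {
    struct stat st;
    if (fstat(fd, &st) == -1) {
        return -1;
    }
    id->dev = st.st_dev;
    id->ino = st.st_ino;
    return 0;
}

/* Open `path` and verify, via fstat() on the open descriptor (never stat() on
 * the name), that it is the file recorded in `expected`. Returns the descriptor
 * on success; returns -1, with the descriptor closed, if the open fails or the
 * (st_dev, st_ino) pair does not match. */
int open_verified(const char *path, const struct file_id *expected) {
    struct stat st;
    int fd = open(path, O_RDWR);
    if (fd == -1) {
        return -1;
    }
    if (fstat(fd, &st) == -1 ||
        st.st_dev != expected->dev ||
        st.st_ino != expected->ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demonstration with constructed input: two temporary files are created, the
 * identity of the first is recorded, and open_verified() is expected to accept
 * the first path. The second file is then renamed over the first path, so the
 * same name now refers to a different file, and open_verified() must refuse it.
 * Returns 1 if both outcomes are as expected, 0 otherwise. */
int demo(void) {
    char path_a[] = "/tmp/fio_demo_a_XXXXXX"; /* constructed sample paths */
    char path_b[] = "/tmp/fio_demo_b_XXXXXX";
    struct file_id id;
    int fa = mkstemp(path_a);
    int fb = mkstemp(path_b);
    if (fa == -1 || fb == -1) {
        return 0;
    }
    if (record_file_id(fa, &id) == -1) {
        return 0;
    }
    close(fa);
    close(fb);

    /* Same path, same file: the identity check passes. */
    int fd = open_verified(path_a, &id);
    int ok_same = (fd != -1);
    if (fd != -1) {
        close(fd);
    }

    /* Replace the file behind path_a with a different file. */
    if (rename(path_b, path_a) == -1) {
        unlink(path_a);
        unlink(path_b);
        return 0;
    }
    fd = open_verified(path_a, &id);
    int ok_swapped = (fd == -1); /* the name matches, the identity does not */
    if (fd != -1) {
        close(fd);
    }
    unlink(path_a);
    return ok_same && ok_swapped;
}

int main(void) {
    printf("identity check behaved as expected: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

The important ordering is inside open_verified(): the descriptor is obtained first and the identity is read from that descriptor, so the comparison describes exactly the file the program holds open, which a stat()-then-open() sequence cannot guarantee.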

Risk Assessment

Many file-related vulnerabilities are exploited to cause a program to access an unintended file. Proper identification of a file is necessary to prevent exploitation.

Rule      Severity     Likelihood     Remediation Cost   Priority   Level
EXP01-A   2 (medium)   2 (probable)   2 (medium)         P8         L2

References
