util: don't open symlink when appending to file
When opening a file for appending (i.e. a log file), use the O_NOFOLLOW flag to get an error if the path is a symlink. Opening log files through symlinks is no longer supported. This is a protection against symlink attacks if chronyd is misconfigured to write a log in a world-writable directory (e.g. /tmp). That is not meant to become a recommended practice. Log messages will be lost, or chronyd won't start, if a symlink exists at the location of the log file.
This commit is contained in:
parent
9d88c028e2
commit
79b348f075
1 changed files with 1 additions and 1 deletions
2
util.c
|
@ -1236,7 +1236,7 @@ UTI_OpenFile(const char *basedir, const char *name, const char *suffix,
|
|||
break;
|
||||
case 'a':
|
||||
case 'A':
|
||||
flags = O_WRONLY | O_CREAT | O_APPEND;
|
||||
flags = O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW;
|
||||
file_mode = "a";
|
||||
break;
|
||||
default:
|
||||
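Review bot: O_NOFOLLOW on the new flags line in the 'a'/'A' case only rejects a symlink in the final path component, so a symlink in any earlier component of the path is still followed. Because the flags keep O_CREAT without O_EXCL, an existing regular file or hard link planted at the log path by another user is also still opened and appended to. A short comment above the flags line stating that scope would keep readers from treating it as full protection for world-writable directories. The errno returned for a refused symlink differs between platforms (ELOOP on Linux), so the failure message should include the path so an operator can tell why the log was not opened. Only util.c is touched here, while the commit message says log files behind symlinks are no longer supported; a matching note in the user documentation or NEWS would cover existing setups that rely on symlinked log files.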