From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Tue, 8 Oct 2019 18:18:31 +0000 (-0400)
Subject: Fix: sessiond: TOCTOU error on save of session configuration
X-Git-Url: http://git.efficios.com/?a=commitdiff_plain;h=f376ad9c6fb65bef0106c2631299c989b3df9f57;hp=f376ad9c6fb65bef0106c2631299c989b3df9f57;p=lttng-tools.git

Fix: sessiond: TOCTOU error on save of session configuration

The session_save() function checks for the existance and access rights
on the target session configuration filename before opening it. This
results in a TOCTOU (Time of check, time of use) problem.

Defer the check and error reporting to the run_as_open() call.

1191754 Time of check time of use
An attacker could change the filename's file association or other
attributes between the check and use.  In save_session: A check occurs
on a file's attributes before the file is used in a privileged
operation, but things may have changed (CWE-367)

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---