diff options
author | 2015-07-02 17:30:59 +0000 | |
---|---|---|
committer | 2015-07-02 17:30:59 +0000 | |
commit | 87935c4d727d66c9400c299c2b69fff91e0183e7 (patch) | |
tree | 1197b418f3be2c2f64a9952957a7d349da5ed78f /libutil/pw_util.c | |
parent | 899bd5d0a18bee6a94dc840d5a457da6484670ed (diff) | |
download | pw-darwin-87935c4d727d66c9400c299c2b69fff91e0183e7.tar.gz pw-darwin-87935c4d727d66c9400c299c2b69fff91e0183e7.tar.zst pw-darwin-87935c4d727d66c9400c299c2b69fff91e0183e7.zip |
When passwd or group information is changed (by pw, vipw, chpass, ...)
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more infor about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: bapt
Sponsored by: Netgate
Diffstat (limited to 'libutil/pw_util.c')
-rw-r--r-- | libutil/pw_util.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libutil/pw_util.c b/libutil/pw_util.c index befd1fb..af749d5 100644 --- a/libutil/pw_util.c +++ b/libutil/pw_util.c @@ -226,7 +226,7 @@ pw_tmp(int mfd) errno = ENAMETOOLONG; return (-1); } - if ((tfd = mkstemp(tempname)) == -1) + if ((tfd = mkostemp(tempname, O_SYNC)) == -1) return (-1); if (mfd != -1) { while ((nr = read(mfd, buf, sizeof(buf))) > 0) |