Comment 1 for bug 1839414

Seth Arnold (seth-arnold) wrote :

Do we want to mitigate this one?

The usual approach is to break paths apart into components, use O_PATH and openat(2) to walk each component individually, checking fstat(2) to make sure that the owner and permissions are correct on each (for whatever 'correct' may mean), etc.

The alternative is to make sure that apport is running with the appropriate user permissions (again, for whatever definition of 'appropriate') so that the final component, the filename, is only written into a directory that the user can legitimately write into anyway.

Quite a lot of programs never bother with the complicated O_PATH version.

If apport is writing these files as an incorrect user, that ought to be addressed and may also address this at the same time.

Thanks
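
The component-by-component walk described in the comment above, as an added Linux sketch that is not part of the original comment or of apport's code. The names `dir_ok`, `walk_checked` and `demo_walk`, the ownership and mode policy, and the constructed test tree are all assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy: a real directory, owned by root or `owner`, not group/other writable. */
static int dir_ok(int fd, uid_t owner) {
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != 0 && st.st_uid != owner) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Walk relpath below an already trusted startfd, one component at a time. Returns an
 * O_PATH fd for the last directory (pass it to openat() for the filename), or -1. */
int walk_checked(int startfd, const char *relpath, uid_t owner) {
    char *buf = strdup(relpath), *save = NULL;
    int cur = buf ? dup(startfd) : -1;
    for (char *c = buf ? strtok_r(buf, "/", &save) : NULL; c && cur >= 0;
         c = strtok_r(NULL, "/", &save)) {
        /* ".." is refused; O_NOFOLLOW stops a symlink swapped in as a component. */
        int next = strcmp(c, "..") == 0 ? -1
                 : openat(cur, c, O_PATH | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
        close(cur); cur = next;
        if (cur >= 0 && !dir_ok(cur, owner)) { close(cur); cur = -1; }
    }
    free(buf);
    return cur;
}

/* Constructed tree: safe/inner (0755), open (0777), link -> safe. Returns 1 if accepted. */
int demo_walk(const char *rel) {
    char tmpl[] = "/tmp/walk-demo-XXXXXX";
    int base = mkdtemp(tmpl) ? open(tmpl, O_PATH | O_DIRECTORY) : -1;
    if (base < 0 || mkdirat(base, "safe", 0755) || mkdirat(base, "safe/inner", 0755) ||
        mkdirat(base, "open", 0755) || fchmodat(base, "open", 0777, 0) ||
        symlinkat("safe", base, "link")) return -1;
    int fd = walk_checked(base, rel, geteuid());
    if (fd >= 0) close(fd);
    unlinkat(base, "link", 0); unlinkat(base, "safe/inner", AT_REMOVEDIR);
    unlinkat(base, "safe", AT_REMOVEDIR); unlinkat(base, "open", AT_REMOVEDIR);
    close(base); rmdir(tmpl);
    return fd >= 0;
}
int main(void) {
    return printf("%d %d %d\n", demo_walk("safe/inner"), demo_walk("open"), demo_walk("link/inner")) < 0;
}
```

Because every later step is resolved relative to a descriptor that has already been checked, a directory renamed or replaced after its check cannot redirect the walk.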