Closed mckaygerhard closed 1 year ago
That would not work since we need to be able to find the timestamp files to be able to make use of them. There would also be no benefit, we rely on and check that the directory has the right owner and mode.
@Duncaen the only check i can see is https://github.com/Duncaen/OpenDoas/blob/b96106b7e34ac591ae78b1684e9be3a265122463/timestamp.c#L289C11-L289C60 and also in line 120.. there-s no owner check or similar..
I don't get what you are trying to say, there are checks for the directory being owned by root and the mode being 0700 and checks for the timestamp file being owned by root, the group being the users gid and the mode being 0000.
Line 120 is opening a file in /proc
I don't see how this is related at all.
TIMESTAMP_DIR is predictible to attacks
https://github.com/Duncaen/OpenDoas/blob/b96106b7e34ac591ae78b1684e9be3a265122463/timestamp.c#L89
we can create a ramdom dir under this to improve security?