...
Many operating systems support file links including symbolic (soft) links, hard links, short cuts, and UNC (universal naming convention) shares. Symbolic links can be created in POSIX using the ln -s command, and hard links using the ln command. Hard links are indistinguisable indistinguishable from normal files on POSIX sysetmssystems.
There are three types of file links supported in the NTFS file system: hard links, junctions, and symbolic links. Symbolic links are available in NTFS starting with Windows Vista.
...
When creating new files, it may be possible to use functions that only create a new file where a file does not already exist. This prevents the application from overwriting an existing file during file creation; see rule void FIO00-J. Do not overwrite an existing file while attempting to create a new file for more information. Existing Java classes such as FileOutputStream() and FileWriter() do not
- allow a programmer to specify that opening a file should fail if the file already exists
- indicate whether an existing file has been opened or a new file has been created
These limitations may lead to a program overwriting or accessing an unintended file.
Device Files
File names on many operating systems may be used to access device files. Reserved MS-DOS device names include AUX, CON, PRN, COM1, and LPT1. Character special files and block special files on POSIX systems are used to apply access rights and to direct operations on the files to the appropriate device drivers.
...
| Wiki Markup |
|---|
On many systems, file can be be simlutaneouslysimultaneously accessed by concurrent processes. Exclusive access grants unrestricted file access to the locking process while denying access to all other processes, eliminating the potential for a race condition on the locked region. The {{java.nio.channels.FileLock}} class facilitates file locking. According to the Java API \[[API 2006|AA. Bibliography#API 06]\] documentation |
...
| Code Block | ||
|---|---|---|
| ||
String filename = /* provided by user */
Path file = new File(filename).toPath();
try {
BasicFileAttributes attr = Files.readAttributes(
file, BasicFileAttributes.class, LinkOption.NOFOLLOW_LINKS
);
// Check
if (!attr.isRegularFile()) {
System.out.println("Not a regular file");
return;
}
// other necessary checks
// Use
try (InputStream in = Files.newInputStream(file)) {
// read file
};
} catch (IOException x) {
// handle error
}
|
This code is still vulnerabile vulnerable to a TOCTOU race condition, however. For example, an attacker can replace the regular file with a file link or device file after the code has completed its checks but before it opens the file.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="880018c48eb47230-56ad2091-41154f54-8c9ebcf6-9063824894119190a53ad259"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class File, methods | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="95fb9380ed955163-9a164fae-4a6f42e3-a38eae8d-4183f5b500b64dbdfe0df41d"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2008-5354 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1d38b9fd73e2cb18-9ea4a56b-468b491f-bf929751-12e82fdfe9671bd459acd6ca"><ac:plain-text-body><![CDATA[ | [[Darwin 2004 | AA. Bibliography#Darwin 04]] | 11.5 Creating a Transient File | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e9e2bbd6be026066-4c98c377-4c5e4972-82e99a88-5968e82ad486ce5d8d8fc858"><ac:plain-text-body><![CDATA[ | [[Garfinkel 1996 | AA. Bibliography#Garfinkel 96]] | Section 5.6, "Device Files" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d1a541227497ea1a-db7d618f-4b144b9f-bb63ab8a-e5d931556b60611375fbef12"><ac:plain-text-body><![CDATA[ | [[Howard 2002 | AA. Bibliography#Howard 02]] | Chapter 11, "Canonical Representation Issues" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0a83784c1f3145ea-f7ffdd10-494a464c-b7eba6b5-888f9eae99b5c708afc069c6"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] | The try-with-resources Statement | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="699397b4971a701b-e128ff67-47c04273-956fa025-e84bafbc4f017cbcad064c13"><ac:plain-text-body><![CDATA[ | [[Open Group 2004 | AA. Bibliography#Open Group 04]] | [ | http://www.opengroup.org/onlinepubs/009695399/functions/open.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fd76f9257e0ebd15-d9a31936-46ba4fe1-acaf825f-8b6b8786766fed6b1db6450c"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. Bibliography#SDN 08]] | Bug IDs: 4171239, 4405521, 4635827, 4631820 | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ecb57883fc75c7bc-189967dd-42ae4176-ac789af8-c4faf845beae2ff99815c001"><ac:plain-text-body><![CDATA[ | [[Secunia 2008 | AA. Bibliography#Secunia 08]] | [Secunia Advisory 20132 | http://secunia.com/advisories/20132/] | ]]></ac:plain-text-body></ac:structured-macro> |
...