Ondřej Surý 6082274450 Stop isc_file_safecreate from following symlinks ... The function existence-checked the target with stat() and then opened the same path without O_NOFOLLOW, so a symlink at the target path passed the regular-file test against the link's destination and the open() that followed truncated and wrote through the link. rndc-confgen -a is typically run as root and writes the keyfile under a directory that service accounts may have write access to, so a stray symlink there would silently redirect the truncate, fchown, and overwrite to whatever file the link pointed at. Switch the existence check to lstat() and use S_ISREG() so a symlink's S_IFLNK mode is detected directly (a plain bitmask of S_IFREG matches both, since S_IFLNK shares its high bit). Add O_NOFOLLOW to both open() flag sets to close the lstat/open TOCTOU window. Hardening against unexpected symlinks on intermediate path components is out of scope. Assisted-by: Claude:claude-opus-4-7		2026-04-29 16:56:25 +02:00
..
isc	Stop isc_file_safecreate from following symlinks	2026-04-29 16:56:25 +02:00
.clang-format	Add separate .clang-format files for headers	2020-02-14 09:31:05 +01:00