The session_save() function checks for the existance and access rights
on the target session configuration filename before opening it. This
results in a TOCTOU (Time of check, time of use) problem.
Defer the check and error reporting to the run_as_open() call.
1191754 Time of check time of use
An attacker could change the filename's file association or other
attributes between the check and use. In save_session: A check occurs
on a file's attributes before the file is used in a privileged
operation, but things may have changed (CWE-367)
Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
projects / lttng-tools.git / commitdiff
