The following root$-$owned Set$-$UID program needs to write to a file, but it wants to

ensure that the file is owned by the user. It uses stat$()$ to get the file owner$$s ID$,$

and compares it with the real user ID of the process. If they do not match, the program

will exit. Please describe whether there is a race condition in the program? If so$,$ please

explain how you can exploit the race condition. The manual of stat$()$ can be found

online.

#include

#include

#include

#include

int main$()$

$\{$

struct stat statbuf;

uid$\_$t real$\_$uid;

FILE$*$ fp;

fp $=$ fopen$("/$tmp$/$XYZ$","$a$+")$;

stat$("/$tmp$/$XYZ$",$ &statbuf$)$;

printf$("$The file owner$$s user ID: $\%$d

$",$ statbuf.st$\_$uid$)$;

printf$("$The process$$s real user ID: $\%$d

$",$ getuid$())$;

$//$ Check whether the file belongs to the user

if $($statbuf$.$st$\_$uid $==$ getuid$())\{$

printf$("$IDs match, continue to write to the file.

$")$;

$//$ write to the file $...$

if $($fp$)$ fclose$($fp$)$;

$\}$ else $\{$

printf$("$IDs do not match, exit.

$")$;

if $($fp$)$ fclose$($fp$)$;

return $-1$;

$\}$

return $0$;

$\}$