From: "David S. Miller" <davem@redhat.com>
To: David Korn <dgk@research.att.com>
Cc: gsf@research.att.com, linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: kernel bug in socketpair()
Date: Wed, 23 Jul 2003 07:46:15 -0700 [thread overview]
Message-ID: <20030723074615.25eea776.davem@redhat.com> (raw)
In-Reply-To: <200307231428.KAA15254@raptor.research.att.com>
On Wed, 23 Jul 2003 10:28:22 -0400 (EDT)
David Korn <dgk@research.att.com> wrote:
> This make sense for INET sockets, but I don't understand the security
> considerations for UNIX domain sockets. Could you please elaborate?
> Moreover, /dev/fd/n, (as opposed to /proc/$$/n) is restricted to
> the current process and its decendents if close-on-exec is not specified.
> Again, I don't understand why this would create a security problem
> either since the socket is already accesible via the original
> descriptor.
Someone else would have to comment, but I do know we've had
this behavior since day one.
And therefore I wouldn't be doing many people much of a favor
by changing the behavior today, what will people do who need
their things to work on the bazillion existing linux kernels
running out there? :-)
Also, see below for another reason why this behavior is unlikely
to change.
> Finally if this is a security problem, why is the errno is set to ENXIO
> rather than EACCESS?
Look at the /proc file we put there for socket FD's. It's a symbolic
link with a readable string of the form ("socket:[%d]", inode_nr)
So your program ends up doing a follow of a symbolic link with that
string name, which does not exist.
Thinking more about this, changing this behavior would probably break
more programs than it would help begin to function, so this is unlikely
to ever change.
next prev parent reply other threads:[~2003-07-23 14:33 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-23 14:28 Re: kernel bug in socketpair() David Korn
2003-07-23 14:46 ` David S. Miller [this message]
2003-07-23 16:56 ` Glenn Fowler
2003-07-23 17:00 ` David S. Miller
2003-07-23 17:24 ` Glenn Fowler
2003-07-23 17:31 ` David S. Miller
2003-07-23 18:14 ` Glenn Fowler
2003-07-23 18:23 ` David S. Miller
2003-07-23 18:54 ` Glenn Fowler
2003-07-23 19:04 ` David S. Miller
2003-07-23 19:11 ` Glenn Fowler
2003-07-23 19:14 ` David S. Miller
2003-07-23 19:29 ` Glenn Fowler
2003-07-23 19:56 ` David S. Miller
2003-07-23 22:24 ` jw schultz
2003-07-23 19:08 ` Alan Cox
2003-07-23 19:41 ` Andreas Jellinghaus
2003-07-23 17:50 ` Alan Cox
2003-07-23 23:27 ` Bill Rugolsky Jr.
-- strict thread matches above, loose matches on Subject: below --
2003-07-23 13:32 David Korn
2003-07-23 14:04 ` David S. Miller
2003-07-23 14:20 ` Alan Cox
2003-07-23 15:36 ` David S. Miller
2003-07-23 16:13 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030723074615.25eea776.davem@redhat.com \
--to=davem@redhat.com \
--cc=dgk@research.att.com \
--cc=gsf@research.att.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).