From: David Korn <dgk@research.att.com>
To: davem@redhat.com
Cc: gsf@research.att.com, linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: Re: kernel bug in socketpair()
Date: Wed, 23 Jul 2003 10:28:22 -0400 (EDT) [thread overview]
Message-ID: <200307231428.KAA15254@raptor.research.att.com> (raw)
> On Wed, 23 Jul 2003 09:32:09 -0400 (EDT)
> David Korn <dgk@research.att.com> wrote:
>
> [ Added netdev@oss.sgi.com, the proper place to discuss networking kernel issues
> . ]
>
> > The first problem is that files created with socketpair() are not accessible
> > via /dev/fd/n or /proc/$$/fd/n where n is the file descriptor returned
> > by socketpair(). Note that this is not a problem with pipe().
>
> Not a bug.
>
> Sockets are not openable via /proc files under any circumstances,
> not just the circumstances you describe. This is a policy decision and
> prevents a whole slew of potential security holes.
>
>
Thanks for you quick response.
This make sense for INET sockets, but I don't understand the security
considerations for UNIX domain sockets. Could you please elaborate?
Moreover, /dev/fd/n, (as opposed to /proc/$$/n) is restricted to
the current process and its decendents if close-on-exec is not specified.
Again, I don't understand why this would create a security problem
either since the socket is already accesible via the original
descriptor.
Finally if this is a security problem, why is the errno is set to ENXIO
rather than EACCESS?
David Korn
dgk@research.att.com
next reply other threads:[~2003-07-23 14:14 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-23 14:28 David Korn [this message]
2003-07-23 14:46 ` kernel bug in socketpair() David S. Miller
2003-07-23 16:56 ` Glenn Fowler
2003-07-23 17:00 ` David S. Miller
2003-07-23 17:24 ` Glenn Fowler
2003-07-23 17:31 ` David S. Miller
2003-07-23 18:14 ` Glenn Fowler
2003-07-23 18:23 ` David S. Miller
2003-07-23 18:54 ` Glenn Fowler
2003-07-23 19:04 ` David S. Miller
2003-07-23 19:11 ` Glenn Fowler
2003-07-23 19:14 ` David S. Miller
2003-07-23 19:29 ` Glenn Fowler
2003-07-23 19:56 ` David S. Miller
2003-07-23 22:24 ` jw schultz
2003-07-23 19:08 ` Alan Cox
2003-07-23 19:41 ` Andreas Jellinghaus
2003-07-23 17:50 ` Alan Cox
2003-07-23 23:27 ` Bill Rugolsky Jr.
2003-07-23 19:28 David Korn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200307231428.KAA15254@raptor.research.att.com \
--to=dgk@research.att.com \
--cc=davem@redhat.com \
--cc=gsf@research.att.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.