From: ebiederm@xmission.com (Eric W. Biederman)
To: Pavel Machek <pavel@ucw.cz>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
akpm@linux-foundation.org, viro@ZenIV.linux.org.uk,
dhowells@redhat.com, hch@infradead.org, adilger@sun.com,
mtk.manpages@gmail.com, torvalds@linux-foundation.org,
drepper@gmail.com, jamie@shareable.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 resend] vfs: new O_NODE open flag
Date: Fri, 06 Nov 2009 12:55:33 -0800 [thread overview]
Message-ID: <m17hu3xtiy.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20091106141742.GA1428@ucw.cz> (Pavel Machek's message of "Fri\, 6 Nov 2009 15\:17\:42 +0100")
Pavel Machek <pavel@ucw.cz> writes:
> On Thu 2009-11-05 15:27:06, Miklos Szeredi wrote:
>> On Thu, 5 Nov 2009, Alan Cox wrote:
>> > > - re-opening normally after checking file type (there's a debate
>> > > whether this would have security issues, but currently we do allow
>> > > re-opening with increased permissions thorugh /proc/*/fd)
>> >
>> > Which has already been demonstrated to be an (unfixed) security hole.
>>
>> No it hasn't :) Jamie theorized that there *might* be a real world
>> situation where the application writer didn't anticipate this
>> behavior. But as to actual demonstration, we have not seen one yet, I
>> think.
>
> See bugtraq, or lkml thread about symlinks with permissions. There's
> demo script there.
Exactly a theoretical discussion, that demonstrates user space
applications with security holes can be written if they make
assumptions about the world that are not true.
So far no one who believes this to be a security hole has found it
worth their while to look at nd->intent.open in proc_pid_follow_link
and write a patch. Pavel you started out asking for help on how
to do that and I think I have answered the original question.
I am tired of the whining. If no one who is persuaded the kernel is
wrong can be bothered to write a possibly buggy 5 line patch this is
clearly not a security hole.
Eric
next prev parent reply other threads:[~2009-11-06 20:55 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-05 11:23 [PATCH v2 resend] vfs: new O_NODE open flag Miklos Szeredi
2009-11-05 13:15 ` Alan Cox
2009-11-05 14:27 ` Miklos Szeredi
2009-11-05 14:50 ` Alan Cox
2009-11-05 15:24 ` Miklos Szeredi
2009-11-05 15:56 ` Alan Cox
2009-11-05 16:52 ` Miklos Szeredi
2009-11-05 18:25 ` Alan Cox
2009-11-06 11:10 ` Miklos Szeredi
2009-11-06 1:40 ` Jamie Lokier
2009-11-06 11:31 ` Miklos Szeredi
2009-11-06 14:17 ` Pavel Machek
2009-11-06 20:55 ` Eric W. Biederman [this message]
2009-11-07 7:49 ` Miklos Szeredi
2009-11-07 11:09 ` Eric W. Biederman
2009-11-07 11:31 ` Miklos Szeredi
2009-11-07 11:48 ` Eric W. Biederman
2009-11-08 17:01 ` Pavel Machek
2009-11-16 11:50 ` Miklos Szeredi
2009-11-07 17:58 ` Pavel Machek
2009-11-09 8:58 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m17hu3xtiy.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=adilger@sun.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dhowells@redhat.com \
--cc=drepper@gmail.com \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mtk.manpages@gmail.com \
--cc=pavel@ucw.cz \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.