From: Shaya Potter <spotter@cs.columbia.edu>
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] new syscall: flink
Date: 07 Apr 2003 12:17:21 -0400 [thread overview]
Message-ID: <1049732241.1243.45.camel@zaphod> (raw)
In-Reply-To: <b6r6ms$tuj$1@abraham.cs.berkeley.edu>
On Mon, 2003-04-07 at 02:43, David Wagner wrote:
> H. Peter Anvin wrote:
> >Here is a better piece of sample code that actually shows a
> >permissions violation happening:
> >
> >[...]
> >mkdir("testdir", 0700) = 0
> >open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
> >write(3, "Ansiktsburk\n", 12) = 12
> >close(3) = 0
> >open("testdir/testfile", O_RDONLY) = 3
> >chmod("testdir", 0) = 0
> >open("/proc/self/fd/3", O_RDWR) = 4
> >write(4, "Tjo fidelittan hatt!\n", 21) = 21
>
> You're right! Good point. I retract the comments in my previous email.
> (I did try an experiment like this, but apparently not the right one.)
>
> My conclusion: /proc/*/fd is a security hole. It should be fixed.
> Do you agree?
I'm somewhat confused, why don't /proc/*/fd entries behave like normal
symbolic links? i.e. shouldn't the inodes just be a symbolic link to
the d_path() of the fd? Since symbolic links have to travel the entire
path (hence calling fs->permission() or vfs_permission() on each dir) it
should catch that problem.
Is my understanding of the design wrong? Or is that right, and it's just
the implementation that's broken?
just wondering, thanks,
shaya
next prev parent reply other threads:[~2003-04-07 16:07 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-06 19:05 [PATCH] new syscall: flink Dan Kegel
2003-04-06 19:07 ` Dan Kegel
2003-04-06 19:56 ` Oliver Neukum
2003-04-06 20:08 ` Malcolm Beattie
2003-04-06 20:33 ` Oliver Neukum
2003-04-06 21:12 ` Alan Cox
2003-04-07 2:33 ` H. Peter Anvin
2003-04-07 2:29 ` David Wagner
2003-04-07 9:09 ` Malcolm Beattie
2003-04-07 11:02 ` Olivier Galibert
2003-04-07 5:25 ` H. Peter Anvin
2003-04-07 6:43 ` David Wagner
2003-04-07 6:21 ` Vitaly
2003-04-07 16:17 ` Shaya Potter [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-04-11 17:11 Clayton Weaver
2003-04-10 22:10 Clayton Weaver
2003-04-11 1:02 ` David Wagner
2003-04-10 0:31 Clayton Weaver
2003-04-08 13:06 Chuck Ebbert
2003-04-07 23:57 Chuck Ebbert
2003-04-07 16:50 Clayton Weaver
2003-04-07 17:11 ` Arjan van de Ven
2003-04-07 17:37 ` David Wagner
2003-04-07 18:43 ` Werner Almesberger
2003-04-08 5:06 ` Werner Almesberger
2003-04-07 20:35 ` H. Peter Anvin
2003-04-07 9:01 Clayton Weaver
[not found] <20030407102005.4c13ed7f.manushkinvv@desnol.ru>
[not found] ` <200304070709.h37792815083@mozart.cs.berkeley.edu>
2003-04-07 7:35 ` Vitaly
2003-04-07 14:57 ` H. Peter Anvin
2003-04-07 18:47 ` Wichert Akkerman
2003-04-07 20:05 ` Bill Rugolsky Jr.
2003-04-07 20:32 ` H. Peter Anvin
2003-04-07 2:56 Mark Grosberg
2003-04-07 3:39 ` H. Peter Anvin
2003-04-07 7:29 ` Miquel van Smoorenburg
2003-04-07 8:18 ` Olivier Galibert
2003-04-07 8:35 ` Jakub Jelinek
2003-04-07 9:11 ` Olivier Galibert
2003-04-07 11:13 ` Alan Cox
2003-04-07 12:31 ` Roman Zippel
2003-04-07 12:54 ` Andreas Schwab
2003-04-07 13:19 ` Roman Zippel
2003-04-07 20:55 ` Fredrik Tolf
2003-04-07 21:43 ` Ulrich Drepper
2003-04-07 22:17 ` Fredrik Tolf
2003-04-07 22:25 ` Ulrich Drepper
2003-04-07 22:55 ` Fredrik Tolf
2003-04-06 18:39 Ulrich Drepper
2003-04-07 17:35 ` Linus Torvalds
2003-04-07 20:37 ` H. Peter Anvin
2003-04-08 0:23 ` Ulrich Drepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1049732241.1243.45.camel@zaphod \
--to=spotter@cs.columbia.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).