On Friday 07 June 2013 18:55:46 Lennart Poettering wrote:
> On Fri, 07.06.13 12:09, Steve Grubb (sgrubb@xxxxxxxxxx) wrote:
> > Maybe the uid can be encoded in the name so that wrong uid's are
> > skipped?
>
> User "simo" creates /dev/shm/1000/ even though 1000 is the UID of user
> "lennart". Lennart can never start PA again, ever. And can't do anything
> about it, because "simo" is in control, and /dev/shm is sticky.

Why does the UID have to be encoded in the name?

* The application can simply issue an lstat() before open() and skip files with wrong uid's.
* Obviously, an attacker could try and trigger some race condition on the name, but then it's OK for the audit to shout about it.

What am I missing?

--
Oron Peled                                 Voice: +972-4-8228492
oron@xxxxxxxxxxxx                  http://users.actcom.co.il/~oron
You know, someone once told me that New York has more lawyers than people.
        -- Warren Buffett, Fortune, 1999
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
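
Added example, not part of the original message or of any project's code: the lstat()-before-open() ownership check proposed above, written in C with an fstat() on the opened descriptor so that a name swapped between the two calls is still rejected. The names `open_if_owned` and `demo` and the `/tmp/uidchk-XXXXXX` test directory are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` under `dirfd` only if it is a regular
 * file owned by `want`. Returns a read-only fd, or -1 with errno set. */
int open_if_owned(int dirfd, const char *name, uid_t want)
{
    struct stat pre, post;
    /* The check from the mail: lstat() first, skip wrong owners. */
    if (fstatat(dirfd, name, &pre, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (pre.st_uid != want || !S_ISREG(pre.st_mode)) {
        errno = EPERM;
        return -1;
    }
    /* O_NOFOLLOW fails if the name became a symlink after the lstat();
     * O_NONBLOCK avoids hanging if it became a FIFO. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Authoritative check on the object actually opened, not on the name. */
    if (fstat(fd, &post) != 0 || post.st_uid != want || !S_ISREG(post.st_mode)) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-test. Result bits: 1 = own file accepted,
 * 2 = wrong uid rejected, 4 = symlink rejected; -1 on setup failure. */
int demo(void)
{
    char dir[] = "/tmp/uidchk-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    int fd = openat(dfd, "mine", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (dfd < 0 || fd < 0 || symlinkat("mine", dfd, "link") != 0) return -1;
    close(fd);
    uid_t me = geteuid();
    int own = open_if_owned(dfd, "mine", me);
    int res = (own >= 0) | ((open_if_owned(dfd, "mine", me + 1) < 0) << 1)
            | ((open_if_owned(dfd, "link", me) < 0) << 2);
    if (own >= 0) close(own);
    unlinkat(dfd, "link", 0); unlinkat(dfd, "mine", 0); close(dfd); rmdir(dir);
    return res;
}
int main(void) { return demo() == 7 ? 0 : 1; }
```

This covers skipping entries with the wrong owner; it does not change the fact that another user can occupy the name first in a sticky directory, which is the situation described in the quoted text.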