Hi, > On Fri, Aug 21, 2009 at 12:24, Florian Zumbiehl<florz@xxxxxxxx> wrote: > > reading some of the source of udev, I noticed what I would suspect to be a > > race condition with security implications, namely that device nodes > > are first mknod()/chmod()ed with the permission mask that they're supposed > > to have at the end, but potentially at this point applying to the > > wrong owner and group, before then being chown()ed to the correct > > owner and group. > > The device node is owned by root, what's the problem here? at least after the (first) chown() it potentially isn't owned by root, so your statement in that form is false. So: Which point in the process do you refer to (and why do you think that it being owned by root at that point prevents permissions from potentially being more permissive than specified in the configuration)? Florian -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
