On Fri, Aug 21, 2009 at 13:25, Florian Zumbiehl<florz@xxxxxxxx> wrote: >> On Fri, Aug 21, 2009 at 12:24, Florian Zumbiehl<florz@xxxxxxxx> wrote: >> > reading some of the source of udev, I noticed what I would suspect to be a >> > race condition with security implications, namely that device nodes >> > are first mknod()/chmod()ed with the permission mask that they're supposed >> > to have at the end, but potentially at this point applying to the >> > wrong owner and group, before then being chown()ed to the correct >> > owner and group. >> >> The device node is owned by root, what's the problem here? > > at least after the (first) chown() it potentially isn't owned by root, so > your statement in that form is false. The mknod() already happens with the configured mode, so after the chown() we already have the configured permissions/ownership set. Kay -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
