Hi,

> So there is this small time window between 6 and 7 where group readers has
> more permissions than it should. BUT: This can only happen if admin changes the
> rules, or does manually adjust permissions of some devices and then triggers
> udev.

so, you think that having, say, a sudo-callable script that modifies permissions in udev rules is an invalid configuration under any and all circumstances?

And BTW, why does the chmod() have any error handling? If the time between 6 and 7 is guaranteed to be small, it's impossible for an error to ever happen there, anyhow. Well, OK, except for ENOENT, kind of, maybe ;-)

Or in other words: (a) Race conditions stay race conditions even if they seem difficult to provoke, (b) what seems difficult to provoke under certain circumstances isn't necessarily all that difficult to provoke under different circumstances, and (c) it's usually a bad idea to base the security of a large and flexible system on a complicated and undocumented set of preconditions unless you are sure that those will be met, pretty much no matter what crazy ideas the user has.

But thanks for pointing out another scenario that could happen in "more usual setups" where this bug would potentially allow more access than one would expect from the configuration.

Florian