On Thu 2009-11-05 15:27:06, Miklos Szeredi wrote: > On Thu, 5 Nov 2009, Alan Cox wrote: > > > - re-opening normally after checking file type (there's a debate > > > whether this would have security issues, but currently we do allow > > > re-opening with increased permissions thorugh /proc/*/fd) > > > > Which has already been demonstrated to be an (unfixed) security hole. > > No it hasn't :) Jamie theorized that there *might* be a real world > situation where the application writer didn't anticipate this > behavior. But as to actual demonstration, we have not seen one yet, I > think. See bugtraq, or lkml thread about symlinks with permissions. There's demo script there. > And as for reopening O_NODE files with increased permission: that's > feature people actually expressed interest in, so it's hardly a > security hole, is it? Just because people want it does not mean it is not a security hole. Consider passing /etc/shadow filedesciptor to (legacy) suid root program. Maybe it now prints /etc/shadow content, because it assumes that if you have fd you are allowed to read the file? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
