On Tue 2009-11-24 13:59:06, Miklos Szeredi wrote: > On Tue, 24 Nov 2009, Pavel Machek wrote: > > I believe that current semantics is ugly enough that 'documenting' it > > is not enough... and people want to port from other systems, too, not > > expecting nasty surprises like this... > > This hasn't been a problem for the last 12 years, and still we don't > see script kiddies exploiting this hole and sysadmins hurrying to > secure their system, even though it has been public for quite a while. > > Why? Because condition when it hits are quite unusual? > The reason might be, that there *is no* violation of security. Well, security people disagree with you. > See this: the surprise isn't that an inode can be reached from > multiple paths, that has been possible with hard links for as long as > unix lived. The suprise is that the inode can be reached through > proc. So this "hole" that has been opened about 12 years ago in linux > is quite well known. Only this particular aspect of it isn't well > known, but that doesn't mean it's not right, does it? It does. Bypassing checks on read-only file descriptors is design misfeature, and users are clearly unaware. (See bugtraq). Being "old" does not mean it is right. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
