On Tue, 28 Dec 2010 17:15:57 -0500 Greg Freemyer <greg.freemyer@xxxxxxxxx> wrote: > On Tue, Dec 28, 2010 at 5:06 PM, Olaf van der Spek <olafvdspek@xxxxxxxxx> wrote: > > On Tue, Dec 28, 2010 at 11:00 PM, Greg Freemyer <greg.freemyer@xxxxxxxxx> wrote: > >> create temp file > >> write out new data > >> delete old file > >> rename temp file to primary name > >> === > >> > >> If so there is still a little window of vulnerability where the whole > >> file can be lost. (Or at least only the temp file is present). > > > > Delete isn't used, rename will overwrite the old file. So it's safe. > > Meta-data is probably lost, file owner is certainly lost. > > > > Olaf > > So ACLs are lost? > > That seems like a potentially bigger issue than loosing the owner/group info. > > And I assume if the owner changes, then the new owner has privileges > to modify ACLs he didn't have previously. > > So if I want to instigate a simple denial of service in a multi-user > environment, I edit a few key docs that I have privileges to edit. By > doing so I take ownership. As owner I change the permissions and > ACLs so that no one but me can access them. > > Seems like a security hole to me. Giving someone you don't trust uncontrolled write access to something you value has always been a security issue - long before ACLs or editors or computers. NeilBrown -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
