From: Jamie Lokier <jamie@shareable.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Pavel Machek <pavel@ucw.cz>,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Jan Kara <jack@suse.cz>, "J. Bruce Fields" <bfields@fieldses.org>,
"Serge E. Hallyn" <serue@us.ibm.com>,
kernel list <linux-kernel@vger.kernel.org>,
linux-fsdevel@vger.kernel.org, viro@zeniv.linux.org.uk
Subject: Re: symlinks with permissions
Date: Sat, 31 Oct 2009 02:30:10 +0000 [thread overview]
Message-ID: <20091031023010.GB17680@shareable.org> (raw)
In-Reply-To: <m1ocnomqlz.fsf@fess.ebiederm.org>
Eric W. Biederman wrote:
> Pavel Machek <pavel@ucw.cz> writes:
> >> How many linux shell scripts and other applications that use /dev/fd/N
> >> or /proc/self/fd/N will you be breaking?
> >
> > Zero. (Well unless someone is exploiting it in wild).
>
> There are other differences like different offsets etc that may matter.
>
> >> Closing a theoretical security hole at the expense of breaking real
> >> applications is a show stopper.
> >
> > I don't plan to remove /proc/*/fd; but I would like it to behave like
> > dup().
> >
> > (I still hope some security team does work for me :-).
Yes, it must not be like dup(), sharing the file pointer, because I'm
sure that really will break some programs.
Like all the ones using gnulib (formerly libiberty) which use
/proc/self/fd/N/path/to/file to implement fake openat(N,"path/to/file").
> I bet you will get a lot more traction and discussion if you write
> a basic mostly working version of the patch.
I agree, and I'll be happy to review/break it ;-)
-- Jamie
next prev parent reply other threads:[~2009-10-31 2:30 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-25 6:29 symlinks with permissions Pavel Machek
2009-10-26 16:31 ` Jan Kara
2009-10-26 16:57 ` Serge E. Hallyn
2009-10-26 17:36 ` J. Bruce Fields
2009-10-26 17:46 ` Jan Kara
2009-10-26 17:57 ` Trond Myklebust
2009-10-25 9:36 ` Pavel Machek
2009-10-26 18:22 ` Trond Myklebust
2009-10-27 8:11 ` Pavel Machek
2009-10-27 10:27 ` Jamie Lokier
2009-10-26 18:35 ` J. Bruce Fields
2009-10-28 4:15 ` Eric W. Biederman
2009-10-28 8:16 ` Pavel Machek
2009-10-28 11:25 ` Eric W. Biederman
2009-10-28 21:03 ` Pavel Machek
2009-10-29 2:20 ` Eric W. Biederman
2009-10-29 11:03 ` Pavel Machek
2009-10-29 16:23 ` Eric W. Biederman
2009-10-30 18:35 ` Pavel Machek
2009-10-30 20:37 ` Nick Bowler
2009-10-30 23:03 ` Eric W. Biederman
2009-10-31 2:30 ` Jamie Lokier [this message]
2009-10-28 16:34 ` Casey Schaufler
2009-10-28 19:44 ` Jamie Lokier
2009-10-28 21:06 ` Pavel Machek
2009-10-28 22:48 ` David Wagner
2009-10-29 4:13 ` Casey Schaufler
2009-10-29 7:53 ` David Wagner
2009-10-30 14:07 ` Pavel Machek
2009-10-31 4:09 ` Casey Schaufler
2009-11-01 9:23 ` David Wagner
2009-11-01 17:43 ` Casey Schaufler
2009-11-01 20:39 ` David Wagner
2009-11-01 22:05 ` Casey Schaufler
2009-10-26 18:02 ` J. Bruce Fields
2009-10-26 17:57 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091031023010.GB17680@shareable.org \
--to=jamie@shareable.org \
--cc=bfields@fieldses.org \
--cc=ebiederm@xmission.com \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=serue@us.ibm.com \
--cc=trond.myklebust@fys.uio.no \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.