From: Pavel Machek <pavel@ucw.cz>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
akpm@linux-foundation.org, viro@ZenIV.linux.org.uk,
dhowells@redhat.com, hch@infradead.org, adilger@sun.com,
mtk.manpages@gmail.com, torvalds@linux-foundation.org,
drepper@gmail.com, jamie@shareable.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 resend] vfs: new O_NODE open flag
Date: Fri, 6 Nov 2009 15:17:42 +0100 [thread overview]
Message-ID: <20091106141742.GA1428@ucw.cz> (raw)
In-Reply-To: <E1N63Io-000353-KX@pomaz-ex.szeredi.hu>
On Thu 2009-11-05 15:27:06, Miklos Szeredi wrote:
> On Thu, 5 Nov 2009, Alan Cox wrote:
> > > - re-opening normally after checking file type (there's a debate
> > > whether this would have security issues, but currently we do allow
> > > re-opening with increased permissions thorugh /proc/*/fd)
> >
> > Which has already been demonstrated to be an (unfixed) security hole.
>
> No it hasn't :) Jamie theorized that there *might* be a real world
> situation where the application writer didn't anticipate this
> behavior. But as to actual demonstration, we have not seen one yet, I
> think.
See bugtraq, or lkml thread about symlinks with permissions. There's
demo script there.
> And as for reopening O_NODE files with increased permission: that's
> feature people actually expressed interest in, so it's hardly a
> security hole, is it?
Just because people want it does not mean it is not a security hole.
Consider passing /etc/shadow filedesciptor to (legacy) suid root
program. Maybe it now prints /etc/shadow content, because it assumes
that if you have fd you are allowed to read the file?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2009-11-06 14:17 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-05 11:23 [PATCH v2 resend] vfs: new O_NODE open flag Miklos Szeredi
2009-11-05 13:15 ` Alan Cox
2009-11-05 14:27 ` Miklos Szeredi
2009-11-05 14:50 ` Alan Cox
2009-11-05 15:24 ` Miklos Szeredi
2009-11-05 15:56 ` Alan Cox
2009-11-05 16:52 ` Miklos Szeredi
2009-11-05 18:25 ` Alan Cox
2009-11-06 11:10 ` Miklos Szeredi
2009-11-06 1:40 ` Jamie Lokier
2009-11-06 11:31 ` Miklos Szeredi
2009-11-06 14:17 ` Pavel Machek [this message]
2009-11-06 20:55 ` Eric W. Biederman
2009-11-07 7:49 ` Miklos Szeredi
2009-11-07 11:09 ` Eric W. Biederman
2009-11-07 11:31 ` Miklos Szeredi
2009-11-07 11:48 ` Eric W. Biederman
2009-11-08 17:01 ` Pavel Machek
2009-11-16 11:50 ` Miklos Szeredi
2009-11-07 17:58 ` Pavel Machek
2009-11-09 8:58 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091106141742.GA1428@ucw.cz \
--to=pavel@ucw.cz \
--cc=adilger@sun.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dhowells@redhat.com \
--cc=drepper@gmail.com \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mtk.manpages@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.