From: Pavel Machek <pavel@ucw.cz>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: jlayton@redhat.com, jamie@shareable.org, ebiederm@xmission.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
viro@ZenIV.linux.org.uk
Subject: Re: [PATCH 0/3] vfs: plug some holes involving LAST_BIND symlinks and file bind mounts (try #5)
Date: Mon, 30 Nov 2009 13:28:51 +0100 [thread overview]
Message-ID: <20091130122851.GF13328@elf.ucw.cz> (raw)
In-Reply-To: <E1NCuz4-00010e-Ch@pomaz-ex.szeredi.hu>
On Tue 2009-11-24 13:59:06, Miklos Szeredi wrote:
> On Tue, 24 Nov 2009, Pavel Machek wrote:
> > I believe that current semantics is ugly enough that 'documenting' it
> > is not enough... and people want to port from other systems, too, not
> > expecting nasty surprises like this...
>
> This hasn't been a problem for the last 12 years, and still we don't
> see script kiddies exploiting this hole and sysadmins hurrying to
> secure their system, even though it has been public for quite a while.
>
> Why?
Because condition when it hits are quite unusual?
> The reason might be, that there *is no* violation of security.
Well, security people disagree with you.
> See this: the surprise isn't that an inode can be reached from
> multiple paths, that has been possible with hard links for as long as
> unix lived. The suprise is that the inode can be reached through
> proc. So this "hole" that has been opened about 12 years ago in linux
> is quite well known. Only this particular aspect of it isn't well
> known, but that doesn't mean it's not right, does it?
It does. Bypassing checks on read-only file descriptors is design
misfeature, and users are clearly unaware. (See bugtraq). Being "old"
does not mean it is right.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2009-11-30 12:28 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-23 17:41 [PATCH 0/3] vfs: plug some holes involving LAST_BIND symlinks and file bind mounts (try #5) Jeff Layton
2009-11-23 17:41 ` [PATCH 1/3] vfs: force reval of target when following LAST_BIND symlinks Jeff Layton
2009-11-23 17:41 ` [PATCH 2/3] vfs: force reval on dentry of bind mounted files on FS_REVAL_DOT filesystems Jeff Layton
2009-11-23 17:41 ` [PATCH 3/3] vfs: check path permissions on target of LAST_BIND symlinks Jeff Layton
2009-11-23 22:05 ` [PATCH 0/3] vfs: plug some holes involving LAST_BIND symlinks and file bind mounts (try #5) Eric W. Biederman
2009-11-23 22:36 ` Jeff Layton
2009-11-23 22:49 ` Jamie Lokier
2009-11-23 23:15 ` Jeff Layton
2009-11-23 23:35 ` Eric W. Biederman
2009-11-24 0:34 ` Jeff Layton
2009-11-24 1:20 ` Jamie Lokier
2009-11-24 11:26 ` Jeff Layton
2009-11-24 11:53 ` Miklos Szeredi
2009-11-24 12:09 ` Pavel Machek
2009-11-24 12:59 ` Miklos Szeredi
2009-11-30 12:28 ` Pavel Machek [this message]
2009-11-30 19:21 ` Eric W. Biederman
2009-11-24 13:13 ` Duane Griffin
2009-11-24 13:13 ` Duane Griffin
2009-11-30 19:00 ` Jamie Lokier
2009-12-01 8:56 ` Duane Griffin
2009-12-01 8:56 ` Duane Griffin
2009-12-16 12:31 ` Al Viro
2009-12-20 19:59 ` Pavel Machek
2009-12-20 21:04 ` Al Viro
2009-12-20 21:06 ` Pavel Machek
2009-12-20 21:23 ` Al Viro
2010-01-01 15:40 ` Pavel Machek
2010-01-10 4:42 ` Al Viro
2009-12-01 13:15 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091130122851.GF13328@elf.ucw.cz \
--to=pavel@ucw.cz \
--cc=ebiederm@xmission.com \
--cc=jamie@shareable.org \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.