All of lore.kernel.org
 help / color / mirror / Atom feed
* security issue with metas/readdir in reiser4
@ 2004-03-28 20:43 Filipe Almeida
  2004-03-29 16:13 ` Hans Reiser
  0 siblings, 1 reply; 2+ messages in thread
From: Filipe Almeida @ 2004-03-28 20:43 UTC (permalink / raw)
  To: reiserfs-list

Hi,

There is a security problem with the implementation of dir/metas/readdir.
This file is readable even if the directory isn't readable by the current 
user. This is against traditional unix behavior and is a security issue in 
many configurations (apache user dir setups, spool directories of some MTA's, 
etc).

There are other minor issues, like metas/* appearing owned by the current uid 
and not the actual file owner, and not returning EACCES while changing rwx 
when you don't have permissions. Just silently ignoring the action.

Regards,
Filipe Almeida

--
Filipe Almeida <filipe@rnl.ist.utl.pt>
http://mega.ist.utl.pt/~filipe/


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-03-29 16:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-03-28 20:43 security issue with metas/readdir in reiser4 Filipe Almeida
2004-03-29 16:13 ` Hans Reiser

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.