From: David Newall <davidn@davidnewall.com>
To: Geoffrey McRae <geoff@rabidhost.com>
Cc: Peter Teoh <htmldeveloper@gmail.com>,
Valdis.Kletnieks@vt.edu, Alan Cox <alan@lxorguk.ukuu.org.uk>,
linux-kernel@vger.kernel.org
Subject: Re: New Security Features, Please Comment
Date: Wed, 03 Dec 2008 17:24:22 +1030 [thread overview]
Message-ID: <49362D1E.1000907@davidnewall.com> (raw)
In-Reply-To: <1228280545.6679.40.camel@lappy.spacevs.com>
Geoffrey McRae wrote:
> Right now the only forseeable problem is that if a process holds a fd
> open when the parent app changes its uid/gid, which still, the worst
> that it can do is read/write another user's file.
Well, no, there are more problems than open file descriptors; and the
worst is much worse than reading or writing another user's file.
Suppose you're changing the ids of the Perl, Python or PHP interpreter:
the first user could install a SIGCLD handler and fork and exec sleep.
When sleep dies, the handler gets executed as another user - hopefully a
user with access to credit card details, or other financially valuable
information.
next prev parent reply other threads:[~2008-12-03 6:54 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-02 23:28 New Security Features, Please Comment Geoffrey McRae
2008-12-03 0:24 ` Geoffrey McRae
2008-12-03 0:53 ` Alan Cox
2008-12-03 1:44 ` Geoffrey McRae
2008-12-03 2:11 ` David Newall
2008-12-03 2:55 ` Valdis.Kletnieks
2008-12-03 4:02 ` Geoffrey McRae
2008-12-03 4:35 ` Peter Teoh
2008-12-03 5:02 ` Geoffrey McRae
2008-12-03 6:54 ` David Newall [this message]
2008-12-03 10:29 ` Alan Cox
2008-12-03 12:42 ` Nick Andrew
2008-12-03 12:46 ` Alan Cox
2008-12-03 22:44 ` Geoffrey McRae
2008-12-03 23:08 ` Alan Cox
2008-12-03 23:27 ` Peter Teoh
2008-12-03 23:40 ` Geoffrey McRae
2008-12-04 21:56 ` Valdis.Kletnieks
2008-12-04 22:30 ` Geoffrey McRae
2008-12-05 3:35 ` Valdis.Kletnieks
2008-12-05 3:44 ` Nick Andrew
2008-12-05 3:50 ` Geoffrey McRae
2008-12-05 4:03 ` Valdis.Kletnieks
2008-12-03 23:39 ` Miquel van Smoorenburg
2008-12-04 0:00 ` Geoffrey McRae
2008-12-04 0:22 ` Peter Teoh
2008-12-04 0:08 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49362D1E.1000907@davidnewall.com \
--to=davidn@davidnewall.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=geoff@rabidhost.com \
--cc=htmldeveloper@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.