From: kaih@khms.westfalen.de (Kai Henningsen)
To: linux-kernel@vger.kernel.org
Subject: Re: rm-ing files with open file descriptors
Date: 19 Jan 2002 19:44:00 +0200 [thread overview]
Message-ID: <8HBE1o7mw-B@khms.westfalen.de> (raw)
In-Reply-To: <Pine.GSO.4.21.0201190627310.3523-100000@weyl.math.psu.edu>
In-Reply-To: <a2bk6e$t2u$1@ncc1701.cistron.net> <Pine.GSO.4.21.0201190627310.3523-100000@weyl.math.psu.edu>
viro@math.psu.edu (Alexander Viro) wrote on 19.01.02 in <Pine.GSO.4.21.0201190627310.3523-100000@weyl.math.psu.edu>:
> On Sat, 19 Jan 2002, Miquel van Smoorenburg wrote:
>
> > This could be hacked around ofcourse in fs/namei.c, so I tried
> > it for fun. And indeed, with a minor correction it works:
> >
> > % perl flink.pl
> > Success.
> >
> > I now have a flink-test2.txt file. That is pretty cool ;)
>
> It's also a security hole.
It may well be one when going via /proc. But is it one when going via a
(hypothetical) proper flink(2)? If so, why?
Note that every process who has a filehandle open for reading can already
get at the file contents and write them to a completely new file, and
every process who has it open for writing can already change its contents
to everything it likes. So I can see read|write checks on the file handle.
Also all the usual link(2) checks. What else could be a hole?
MfG Kai
next prev parent reply other threads:[~2002-01-19 19:07 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-18 21:11 rm-ing files with open file descriptors Doug Alcorn
2002-01-18 21:27 ` Xavier Bestel
2002-01-18 21:28 ` Ken Brownfield
2002-01-19 20:23 ` Rob Landley
2002-01-18 21:49 ` Richard B. Johnson
2002-01-19 0:50 ` Miquel van Smoorenburg
2002-01-19 2:29 ` H. Peter Anvin
2002-01-19 10:57 ` Xavier Bestel
2002-01-19 11:10 ` Miquel van Smoorenburg
2002-01-19 11:28 ` Alexander Viro
2002-01-19 12:01 ` Miquel van Smoorenburg
2002-01-23 12:18 ` Pavel Machek
2002-01-24 9:46 ` Herbert Xu
2002-01-19 17:44 ` Kai Henningsen [this message]
2002-01-20 15:30 ` Richard Kettlewell
2002-01-20 18:21 ` Doug McNaught
2002-01-20 23:10 ` Miquel van Smoorenburg
2002-01-20 3:55 ` Chris Wedgwood
2002-01-19 15:21 ` Horst von Brand
2002-01-19 15:32 ` Mr. James W. Laferriere
2002-01-19 20:26 ` Rob Landley
2002-01-19 17:53 ` Miquel van Smoorenburg
2002-01-20 15:48 ` Horst von Brand
2002-01-19 20:24 ` Rob Landley
2002-01-19 11:15 ` Ville Herva
2002-01-19 12:16 ` Matthias Schniedermeyer
2002-01-19 12:22 ` Xavier Bestel
2002-01-19 12:29 ` Alexander Viro
2002-01-19 12:46 ` Xavier Bestel
2002-01-19 13:18 ` Rogier Wolff
2002-01-19 15:24 ` Horst von Brand
2002-01-19 14:50 ` Horst von Brand
2002-01-20 14:23 ` Remi Turk
2002-01-20 20:02 ` Ville Herva
2002-01-20 20:44 ` Andreas Ferber
2002-01-20 21:08 ` Ville Herva
2002-01-21 9:06 ` Horst von Brand
2002-01-21 9:21 ` Ville Herva
2002-01-18 21:59 ` J Sloan
2002-01-19 4:18 ` Andreas Bombe
2002-01-19 14:51 ` christophe barbé
2002-01-19 18:01 ` Kai Henningsen
2002-01-20 3:43 ` christophe barbé
-- strict thread matches above, loose matches on Subject: below --
2002-01-18 22:11 Hank Leininger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8HBE1o7mw-B@khms.westfalen.de \
--to=kaih@khms.westfalen.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.