From: Bodo Eggert <7eggert@gmx.de>
To: Brent Casavant <bcasavan@sgi.com>, linux-kernel@vger.kernel.org
Subject: Re: O_NOLINK for open()
Date: Thu, 13 Sep 2007 00:33:26 +0200 [thread overview]
Message-ID: <E1IValy-0000fU-Sd@be1.lrz> (raw)
In-Reply-To: 92Haf-7z7-5@gated-at.bofh.it
Brent Casavant <bcasavan@sgi.com> wrote:
[...]
> I could mmap a temporary tmpfs file (tmpfs so that if there is a
> machine crash no sensitive data persists) which is created with
> permissions of 0, immediately unlink it, and pass the file
> descriptor through an AF_UNIX socket. This does open up a very
> small window of vulnerability if another process is able to chmod
> the file and open it before the unlink.
If the process can chmod the file, it can ptrace the daemon, too.
Or, using CAP_DAC_OVERRIDE, it can patch the daemon.
Both will void any security.
> However, it occurs to me that this problem goes away if there were
> a method create a file in an unlinked state to begin with. However
> there does not appear to be any such mechanism in Linux's open()
> interface.
Having no window for creating stale temp files is nice to have. We only
need a clever fool to implement it.-) But since it's hard to get killed
just in the right moment for having a stale temp file, there is very low
interest for this feature.
--
You know you're in trouble when packet floods are competing to flood you.
-- grc.com
Friß, Spammer: dnLqD2P@t.7eggert.dyndns.org npkrx@imrx.fp6.7eggert.dyndns.org
next parent reply other threads:[~2007-09-12 22:33 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <92Haf-7z7-5@gated-at.bofh.it>
2007-09-12 22:33 ` Bodo Eggert [this message]
2007-09-13 9:13 ` O_NOLINK for open() Jan Kara
2007-09-14 9:07 ` Bodo Eggert
[not found] ` <92TO5-246-1@gated-at.bofh.it>
[not found] ` <92Zqu-2ur-1@gated-at.bofh.it>
2007-09-14 10:30 ` Bodo Eggert
2007-09-14 10:50 ` Andreas Schwab
2007-09-14 17:26 ` Bodo Eggert
2007-09-12 20:37 Brent Casavant
2007-09-12 21:07 ` H. Peter Anvin
2007-09-12 21:39 ` Brent Casavant
2007-09-12 21:46 ` H. Peter Anvin
2007-09-12 21:42 ` Andreas Schwab
2007-09-12 22:44 ` Brent Casavant
2007-09-12 22:49 ` Al Viro
2007-09-12 23:27 ` Brent Casavant
2007-09-12 23:48 ` Brent Casavant
2007-09-14 16:37 ` Goswin von Brederlow
2007-09-13 10:08 ` Gabor Gombas
2007-09-13 16:05 ` Brent Casavant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1IValy-0000fU-Sd@be1.lrz \
--to=7eggert@gmx.de \
--cc=bcasavan@sgi.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.