From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: Does sendfile() copy extended attributes?
Date: Sun, 21 Dec 2003 19:51:28 +0000
Sender: linux-fsdevel-owner@vger.kernel.org
Message-ID: <20031221195128.GC5667@mail.shareable.org>
References: <000001c3c7f9$16e052d0$0201a8c0@joe> <1072035869.19157.52.camel@zaphod>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Joseph D. Wagner" <theman@josephdwagner.info>,
	"'maximilian attems'" <janitor@sternwelten.at>,
	linux-fsdevel@vger.kernel.org
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail.shareable.org ([81.29.64.88]:61831 "EHLO
	mail.shareable.org") by vger.kernel.org with ESMTP id S263914AbTLUTyc
	(ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Sun, 21 Dec 2003 14:54:32 -0500
To: Shaya Potter <spotter@cs.columbia.edu>
Content-Disposition: inline
In-Reply-To: <1072035869.19157.52.camel@zaphod>
List-Id: linux-fsdevel.vger.kernel.org

Shaya Potter wrote:
> On Sun, 2003-12-21 at 14:31, Joseph D. Wagner wrote:
> > > I think you read what I wrote the wrong way.  Let me rephrase it:
> > > How can you know that function does not call an external program to
> > > perform its action?
> > 
> > Again, sendfile() is a KERNEL function.
> 
> unless you use the syscall macros to do the syscall interrupt yourself,
> you are calling the libc wrapper for the system call, not the system
> call itself.

Right.

And even if you did use the syscall macros, if an attacker has root
it's just as easy for them to intercept the system call as it is to
modify libc or /bin/cp.

That _are_ very good reasons to be wary of calling external programs,
but "because an attacker may have changed the executable" isn't not
the most important.

-- Jamie