From: Pavel Machek <pavel@ucw.cz>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
akpm@linux-foundation.org, viro@ZenIV.linux.org.uk,
dhowells@redhat.com, hch@infradead.org, adilger@sun.com,
mtk.manpages@gmail.com, torvalds@linux-foundation.org,
drepper@gmail.com, jamie@shareable.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 resend] vfs: new O_NODE open flag
Date: Fri, 6 Nov 2009 15:17:42 +0100 [thread overview]
Message-ID: <20091106141742.GA1428@ucw.cz> (raw)
In-Reply-To: <E1N63Io-000353-KX@pomaz-ex.szeredi.hu>
On Thu 2009-11-05 15:27:06, Miklos Szeredi wrote:
> On Thu, 5 Nov 2009, Alan Cox wrote:
> > > - re-opening normally after checking file type (there's a debate
> > > whether this would have security issues, but currently we do allow
> > > re-opening with increased permissions thorugh /proc/*/fd)
> >
> > Which has already been demonstrated to be an (unfixed) security hole.
>
> No it hasn't :) Jamie theorized that there *might* be a real world
> situation where the application writer didn't anticipate this
> behavior. But as to actual demonstration, we have not seen one yet, I
> think.
See bugtraq, or lkml thread about symlinks with permissions. There's
demo script there.
> And as for reopening O_NODE files with increased permission: that's
> feature people actually expressed interest in, so it's hardly a
> security hole, is it?
Just because people want it does not mean it is not a security hole.
Consider passing /etc/shadow filedesciptor to (legacy) suid root
program. Maybe it now prints /etc/shadow content, because it assumes
that if you have fd you are allowed to read the file?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2009-11-06 14:17 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-05 11:23 [PATCH v2 resend] vfs: new O_NODE open flag Miklos Szeredi
2009-11-05 13:15 ` Alan Cox
2009-11-05 14:27 ` Miklos Szeredi
2009-11-05 14:50 ` Alan Cox
2009-11-05 15:24 ` Miklos Szeredi
2009-11-05 15:56 ` Alan Cox
2009-11-05 16:52 ` Miklos Szeredi
2009-11-05 18:25 ` Alan Cox
2009-11-06 11:10 ` Miklos Szeredi
2009-11-06 1:40 ` Jamie Lokier
2009-11-06 11:31 ` Miklos Szeredi
2009-11-06 14:17 ` Pavel Machek [this message]
2009-11-06 20:55 ` Eric W. Biederman
2009-11-07 7:49 ` Miklos Szeredi
2009-11-07 11:09 ` Eric W. Biederman
2009-11-07 11:31 ` Miklos Szeredi
2009-11-07 11:48 ` Eric W. Biederman
2009-11-08 17:01 ` Pavel Machek
2009-11-16 11:50 ` Miklos Szeredi
2009-11-07 17:58 ` Pavel Machek
2009-11-09 8:58 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091106141742.GA1428@ucw.cz \
--to=pavel@ucw.cz \
--cc=adilger@sun.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dhowells@redhat.com \
--cc=drepper@gmail.com \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mtk.manpages@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).