From: Scott James Remnant
Date: Tue, 25 Aug 2009 16:49:15 +0000
Subject: Re: [security] Race condition in udev
Message-Id: <1251218955.4175.78.camel@quest>
References: <20090821102407.GA29609@florz.florz.dyndns.org>
In-Reply-To: <20090821102407.GA29609@florz.florz.dyndns.org>
To: linux-hotplug@vger.kernel.org

On Tue, 2009-08-25 at 18:27 +0200, Florian Zumbiehl wrote:

> see, that's why I am trying to consult with you before trying to
> "muck around with this kind of code". However, you may have noticed
> that this message of yours was rather much void of any information
> that could help me in doing so. Also, you are welcome to fix the
> bug I was reporting using your understanding of the code, so I
> don't have to "muck around with this kind of code" - I really am
> not all that keen on doing so.
>

But you haven't reported a bug.

You say that setting the mode of a device node before setting the
ownership is a security issue, *but* you have not demonstrated how this
might be exploited.

Since device nodes are created with root ownership, setting the mode
before the ownership is *not a concern* because it can only have less
access than afterwards.

Scott
-- 
Scott James Remnant
scott@canonical.com