From mboxrd@z Thu Jan 1 00:00:00 1970
From: Greg KH
Date: Tue, 25 Aug 2009 19:10:56 +0000
Subject: Re: [security] Race condition in udev
Message-Id: <20090825191056.GA14525@kroah.com>
List-Id:
References: <20090821102407.GA29609@florz.florz.dyndns.org>
In-Reply-To: <20090821102407.GA29609@florz.florz.dyndns.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: linux-hotplug@vger.kernel.org

On Tue, Aug 25, 2009 at 08:53:18PM +0200, Florian Zumbiehl wrote:
> > > b) (optionally mknod() with mode&0600), chmod() to mode&0600,
> > > chown() to configured owner/group, chmod() to configured mode.
> > >
> > > This one potentially temporarily reduces permissions to a proper
> > > subset of both the permissions before and after the change -
> > > I guess that that's not desirable?
> >
> > See Scott's response as to why this isn't ok.
>
> I can't find anything as to why this wouldn't be ok in any of his emails.

Because, again, you aren't really protecting anything here. Especially
as you point out that there are no existing device node rules that have
problems in them.

So I fail to see the issue.

thanks,

greg k-h
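
The ordering described in the quoted item b), written out as an added example that is not part of this thread or of udev's own code. The names `apply_node_perms` and `demo_interim_mode` are hypothetical, and a temporary file stands in for the device node so the sequence runs without root.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Apply owner, group and mode in the order of quoted item b).
 * Returns 0 on success and stores in *interim the permission bits
 * that were in effect while the owner/group was being changed. */
int apply_node_perms(const char *path, uid_t uid, gid_t gid,
                     mode_t mode, mode_t *interim)
{
    struct stat st;

    /* Step 1: keep only the owner read/write bits of the configured mode,
     * so no group/other bit is live while ownership is in flux. */
    if (chmod(path, mode & 0600) != 0 || stat(path, &st) != 0)
        return -1;
    *interim = st.st_mode & 07777;

    /* Step 2: switch to the configured owner and group. */
    if (chown(path, uid, gid) != 0)
        return -1;

    /* Step 3: only now grant the full configured mode. */
    return chmod(path, mode);
}

/* Constructed demo: a temp file stands in for the device node (assumption;
 * mknod() of a real device needs root). Returns the interim mode, or -1. */
int demo_interim_mode(mode_t before, mode_t target)
{
    char path[] = "/tmp/node-perms-XXXXXX";
    mode_t interim = 0;
    struct stat st;
    int fd = mkstemp(path), ok;

    if (fd < 0)
        return -1;
    close(fd);
    ok = chmod(path, before) == 0 &&
         apply_node_perms(path, getuid(), getgid(), target, &interim) == 0 &&
         stat(path, &st) == 0 && (st.st_mode & 07777) == target;
    unlink(path);
    return ok ? (int)interim : -1;
}

int main(void)
{
    return demo_interim_mode(0666, 0660) == 0600 ? 0 : 1;
}
```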