From: Richard Weinberger <richard@nod.at>
To: "Mickaël Salaün" <mic@digikod.net>, linux-kernel@vger.kernel.org
Cc: Jeff Dike <jdike@addtoit.com>,
Tristan Schmelcher <tschmelcher@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
user-mode-linux-devel@lists.sourceforge.net,
user-mode-linux-user@lists.sourceforge.net
Subject: Re: [PATCH 1/2] um: Set secure access mode for temporary file
Date: Sun, 29 Nov 2015 00:11:39 +0100 [thread overview]
Message-ID: <565A34AB.5010303@nod.at> (raw)
In-Reply-To: <565A3228.5080908@digikod.net>
Am 29.11.2015 um 00:00 schrieb Mickaël Salaün:
>
>
> On 28/11/2015 23:55, Richard Weinberger wrote:
>> Am 28.11.2015 um 23:52 schrieb Mickaël Salaün:
>>>
>>> On 28/11/2015 22:40, Richard Weinberger wrote:
>>>> Am 28.11.2015 um 22:32 schrieb Mickaël Salaün:
>>>>> Replace the default insecure mode 0777 with 0700 for temporary file.
>>>>>
>>>>> Prohibit other users to change the executable mapped code.
>>>>
>>>> Hmm, isn't the tmp file already unlinked at this stage?
>>>>
>>>
>>> Yes, but if someone could open it before the unlink e.g. because of the umask (which does not seems to be the case thanks to mkstemp, but remains unspecified [1]), this user should then be able to have write access to the file descriptor/description.
>>
>> Yes, someone can open it before the unlink. But you change the file mode after that.
>> How does it improve the situation? The attacker has already the file handle.
>
> The attacker could have the file handle only in a read-only mode, which is a bit different than being able to write and execute arbitrary code thanks to a file descriptor mapped RWX :)
Fair point. Please describe this in detail in the patch changelog. :-)
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2015-11-28 23:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-28 21:32 [PATCH 0/2] um: Protect memory mapped file Mickaël Salaün
2015-11-28 21:32 ` [PATCH 1/2] um: Set secure access mode for temporary file Mickaël Salaün
2015-11-28 21:40 ` [uml-devel] " Richard Weinberger
2015-11-28 22:52 ` Mickaël Salaün
2015-11-28 22:55 ` Richard Weinberger
2015-11-28 23:00 ` Mickaël Salaün
2015-11-28 23:11 ` Richard Weinberger [this message]
2015-11-28 21:32 ` [PATCH 2/2] um: Use race-free temporary file creation Mickaël Salaün
2015-11-28 22:07 ` [uml-devel] " Richard Weinberger
2015-11-28 22:56 ` Mickaël Salaün
2015-11-28 22:59 ` Richard Weinberger
2015-11-28 23:02 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=565A34AB.5010303@nod.at \
--to=richard@nod.at \
--cc=gregkh@linuxfoundation.org \
--cc=jdike@addtoit.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mic@digikod.net \
--cc=tschmelcher@google.com \
--cc=user-mode-linux-devel@lists.sourceforge.net \
--cc=user-mode-linux-user@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).