public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Albert Cahalan <albert@users.sf.net>
To: linux-kernel mailing list <linux-kernel@vger.kernel.org>
Cc: greg@kroah.com
Subject: dynamic /dev security hole?
Date: 08 Aug 2004 08:47:40 -0400	[thread overview]
Message-ID: <1091969260.5759.125.camel@cube> (raw)

Suppose I have access to a device, for whatever legit
reason. Maybe I'm given access to a USB key with
some particular serial number.

I hard link this to somewhere else. Never mind that an
admin could in theory use 42 separate partitions and
mount most of the system with the "nodev" option. This
is rarely done.

Now the device is removed. The /dev entry goes away.
A new device is added, and it gets the same device
number as the device I had legit access to. Hmmm?

I should mention open file descriptors too, though I
think the transition away from doing dev_t lookups in
the read()/write()/etc. code has taken care of that.



             reply	other threads:[~2004-08-08 15:19 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-08 12:47 Albert Cahalan [this message]
2004-08-08 15:58 ` dynamic /dev security hole? Marc Ballarin
2004-08-08 15:04   ` Albert Cahalan
2004-08-08 20:42     ` Greg KH
2004-08-08 16:21   ` Greg KH
2004-08-08 21:43     ` Marc Ballarin
2004-08-08 22:07     ` Marc Ballarin
2004-08-09  4:40       ` Eric Lammerts
2004-08-09 13:30         ` Michael Buesch
2004-08-09 13:19           ` Albert Cahalan
2004-08-09 16:54             ` Michael Buesch
2004-08-09 17:04               ` Eric Lammerts
2004-08-09 17:14                 ` Michael Buesch
2004-08-10  0:21                   ` Greg KH
2004-08-11 17:12             ` [RFC, PATCH] sys_revoke(), just a try. (was: Re: dynamic /dev security hole?) Michael Buesch
2004-08-12 16:49               ` Michael Buesch
2004-08-12 19:51                 ` Alan Cox
2004-08-12 19:39                   ` Albert Cahalan
2004-08-13 12:39                   ` Michael Buesch
2004-08-09 14:49         ` dynamic /dev security hole? Alan Cox
2004-08-09 16:17           ` Eric Lammerts
2004-08-09 15:33             ` Alan Cox
2004-08-09 16:47               ` Eric Lammerts
2004-08-09 17:54                 ` Alan Cox
2004-08-10  0:21       ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1091969260.5759.125.camel@cube \
    --to=albert@users.sf.net \
    --cc=greg@kroah.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox