From: David Newall <davidn@davidnewall.com>
To: Geoffrey McRae <geoff@rabidhost.com>
Cc: Peter Teoh <htmldeveloper@gmail.com>,
Valdis.Kletnieks@vt.edu, Alan Cox <alan@lxorguk.ukuu.org.uk>,
linux-kernel@vger.kernel.org
Subject: Re: New Security Features, Please Comment
Date: Wed, 03 Dec 2008 17:24:22 +1030 [thread overview]
Message-ID: <49362D1E.1000907@davidnewall.com> (raw)
In-Reply-To: <1228280545.6679.40.camel@lappy.spacevs.com>
Geoffrey McRae wrote:
> Right now the only forseeable problem is that if a process holds a fd
> open when the parent app changes its uid/gid, which still, the worst
> that it can do is read/write another user's file.
Well, no, there are more problems than open file descriptors; and the
worst is much worse than reading or writing another user's file.
Suppose you're changing the ids of the Perl, Python or PHP interpreter:
the first user could install a SIGCLD handler and fork and exec sleep.
When sleep dies, the handler gets executed as another user - hopefully a
user with access to credit card details, or other financially valuable
information.
next prev parent reply other threads:[~2008-12-03 6:54 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-02 23:28 New Security Features, Please Comment Geoffrey McRae
2008-12-03 0:24 ` Geoffrey McRae
2008-12-03 0:53 ` Alan Cox
2008-12-03 1:44 ` Geoffrey McRae
2008-12-03 2:11 ` David Newall
2008-12-03 2:55 ` Valdis.Kletnieks
2008-12-03 4:02 ` Geoffrey McRae
2008-12-03 4:35 ` Peter Teoh
2008-12-03 5:02 ` Geoffrey McRae
2008-12-03 6:54 ` David Newall [this message]
2008-12-03 10:29 ` Alan Cox
2008-12-03 12:42 ` Nick Andrew
2008-12-03 12:46 ` Alan Cox
2008-12-03 22:44 ` Geoffrey McRae
2008-12-03 23:08 ` Alan Cox
2008-12-03 23:27 ` Peter Teoh
2008-12-03 23:40 ` Geoffrey McRae
2008-12-04 21:56 ` Valdis.Kletnieks
2008-12-04 22:30 ` Geoffrey McRae
2008-12-05 3:35 ` Valdis.Kletnieks
2008-12-05 3:44 ` Nick Andrew
2008-12-05 3:50 ` Geoffrey McRae
2008-12-05 4:03 ` Valdis.Kletnieks
2008-12-03 23:39 ` Miquel van Smoorenburg
2008-12-04 0:00 ` Geoffrey McRae
2008-12-04 0:22 ` Peter Teoh
2008-12-04 0:08 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49362D1E.1000907@davidnewall.com \
--to=davidn@davidnewall.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=geoff@rabidhost.com \
--cc=htmldeveloper@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox