From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] new syscall: flink
Date: 7 Apr 2003 06:43:40 GMT [thread overview]
Message-ID: <b6r6ms$tuj$1@abraham.cs.berkeley.edu> (raw)
In-Reply-To: b6r24v$f50$1@cesium.transmeta.com
H. Peter Anvin wrote:
>Here is a better piece of sample code that actually shows a
>permissions violation happening:
>
>[...]
>mkdir("testdir", 0700) = 0
>open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
>write(3, "Ansiktsburk\n", 12) = 12
>close(3) = 0
>open("testdir/testfile", O_RDONLY) = 3
>chmod("testdir", 0) = 0
>open("/proc/self/fd/3", O_RDWR) = 4
>write(4, "Tjo fidelittan hatt!\n", 21) = 21
You're right! Good point. I retract the comments in my previous email.
(I did try an experiment like this, but apparently not the right one.)
My conclusion: /proc/*/fd is a security hole. It should be fixed.
Do you agree?
next prev parent reply other threads:[~2003-04-07 6:57 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-06 19:05 [PATCH] new syscall: flink Dan Kegel
2003-04-06 19:07 ` Dan Kegel
2003-04-06 19:56 ` Oliver Neukum
2003-04-06 20:08 ` Malcolm Beattie
2003-04-06 20:33 ` Oliver Neukum
2003-04-06 21:12 ` Alan Cox
2003-04-07 2:33 ` H. Peter Anvin
2003-04-07 2:29 ` David Wagner
2003-04-07 9:09 ` Malcolm Beattie
2003-04-07 11:02 ` Olivier Galibert
2003-04-07 5:25 ` H. Peter Anvin
2003-04-07 6:43 ` David Wagner [this message]
2003-04-07 6:21 ` Vitaly
2003-04-07 16:17 ` Shaya Potter
-- strict thread matches above, loose matches on Subject: below --
2003-04-11 17:11 Clayton Weaver
2003-04-10 22:10 Clayton Weaver
2003-04-11 1:02 ` David Wagner
2003-04-10 0:31 Clayton Weaver
2003-04-08 13:06 Chuck Ebbert
2003-04-07 23:57 Chuck Ebbert
2003-04-07 16:50 Clayton Weaver
2003-04-07 17:11 ` Arjan van de Ven
2003-04-07 17:37 ` David Wagner
2003-04-07 18:43 ` Werner Almesberger
2003-04-08 5:06 ` Werner Almesberger
2003-04-07 20:35 ` H. Peter Anvin
2003-04-07 9:01 Clayton Weaver
[not found] <20030407102005.4c13ed7f.manushkinvv@desnol.ru>
[not found] ` <200304070709.h37792815083@mozart.cs.berkeley.edu>
2003-04-07 7:35 ` Vitaly
2003-04-07 14:57 ` H. Peter Anvin
2003-04-07 18:47 ` Wichert Akkerman
2003-04-07 20:05 ` Bill Rugolsky Jr.
2003-04-07 20:32 ` H. Peter Anvin
2003-04-07 2:56 Mark Grosberg
2003-04-07 3:39 ` H. Peter Anvin
2003-04-07 7:29 ` Miquel van Smoorenburg
2003-04-07 8:18 ` Olivier Galibert
2003-04-07 8:35 ` Jakub Jelinek
2003-04-07 9:11 ` Olivier Galibert
2003-04-07 11:13 ` Alan Cox
2003-04-07 12:31 ` Roman Zippel
2003-04-07 12:54 ` Andreas Schwab
2003-04-07 13:19 ` Roman Zippel
2003-04-07 20:55 ` Fredrik Tolf
2003-04-07 21:43 ` Ulrich Drepper
2003-04-07 22:17 ` Fredrik Tolf
2003-04-07 22:25 ` Ulrich Drepper
2003-04-07 22:55 ` Fredrik Tolf
2003-04-06 18:39 Ulrich Drepper
2003-04-07 17:35 ` Linus Torvalds
2003-04-07 20:37 ` H. Peter Anvin
2003-04-08 0:23 ` Ulrich Drepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='b6r6ms$tuj$1@abraham.cs.berkeley.edu' \
--to=daw@mozart.cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox