From: ebiederm@xmission.com (Eric W. Biederman)
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: viro@math.psu.edu (Alexander Viro),
torvalds@transmeta.com (Linus Torvalds),
linux-kernel@vger.kernel.org
Subject: Re: Security question: "Text file busy" overwriting executables but
Date: 05 Oct 2001 10:30:19 -0600 [thread overview]
Message-ID: <m1zo76xd5w.fsf@frodo.biederman.org> (raw)
In-Reply-To: <E15pFHW-00041w-00@the-village.bc.nu>
In-Reply-To: <E15pFHW-00041w-00@the-village.bc.nu>
Alan Cox <alan@lxorguk.ukuu.org.uk> writes:
> > On Thu, 4 Oct 2001, Linus Torvalds wrote:
> >
> > > The reason the kernel refuses to honour it, is that MAP_DENYWRITE is an
> > > excellent DoS-vehicle - you just mmap("/etc/passwd") with MAP_DENYWRITE,
> > > and even root cannot write to it.. Vary nasty.
> >
> > <nit>
> > I _really_ doubt that something does write() on /etc/passwd. Create a
> > file and rename it over the thing - sure, but that's it.
> > </nit>
>
> The MAP_DENYWRITE rule was added a long time ago because people found actual
> workable DoS attacks
Do you have any details. I would like to figure out what it takes to
export MAP_DENYWRITE safely to userspace.
Currently checking to see if the file is executable looks good
enough. I don't see any case where this would be a problem, unless
someone has set their permissions wrong.
The fix for bad permission (during a DOS attack) is either:
chmod correct_permissions foo
lsof foo | xargs kill
or:
chmod correct_permissions foo
mv foo bar
cp -a bar foo
rm bar
Which looks fairly straight forward.
Eric
next prev parent reply other threads:[~2001-10-05 16:40 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-03 12:49 Security question: "Text file busy" overwriting executables but not shared libraries? Jesse Pollard
2001-10-03 18:06 ` Eric W. Biederman
2001-10-03 23:20 ` Rob Landley
2001-10-04 3:38 ` Eric W. Biederman
2001-10-04 4:19 ` Alexander Viro
2001-10-04 6:15 ` Eric W. Biederman
2001-10-04 8:21 ` CaT
2001-10-04 8:35 ` john slee
2001-10-04 8:45 ` CaT
2001-10-04 13:11 ` Eric W. Biederman
2001-10-04 14:24 ` Kernel size Richard B. Johnson
2001-10-13 20:35 ` Aaron Lehmann
2001-10-04 8:30 ` Security question: "Text file busy" overwriting executables but not shared libraries? Ville Herva
2001-10-04 9:46 ` Erik Andersen
2001-10-04 19:50 ` Security question: "Text file busy" overwriting executables but no Kai Henningsen
2001-10-04 8:53 ` Security question: "Text file busy" overwriting executables but not shared libraries? Andreas Schwab
2001-10-04 13:23 ` Eric W. Biederman
2001-10-04 9:12 ` Bloatware (was Re: Security question: "Text file busy"...) VDA
2001-10-04 5:38 ` Security question: "Text file busy" overwriting executables but not shared libraries? Linus Torvalds
2001-10-04 5:44 ` Alexander Viro
2001-10-04 5:49 ` Linus Torvalds
2001-10-04 15:01 ` Eric W. Biederman
2001-10-04 15:49 ` Linus Torvalds
2001-10-04 16:02 ` Richard Gooch
2001-10-04 16:20 ` Andreas Schwab
2001-10-04 17:19 ` Richard Gooch
2001-10-04 16:11 ` Alexander Viro
2001-10-04 19:28 ` Security question: "Text file busy" overwriting executables but no Kai Henningsen
2001-10-04 17:25 ` Security question: "Text file busy" overwriting executables but not shared libraries? Eric W. Biederman
2001-10-13 14:53 ` Jamie Lokier
2001-10-13 17:13 ` Linus Torvalds
2001-10-13 18:18 ` Rik van Riel
2001-10-13 18:40 ` Pablo Alcaraz
2001-10-13 19:05 ` Jamie Lokier
2001-10-13 18:54 ` Jamie Lokier
2001-10-13 19:23 ` Linus Torvalds
2001-10-13 19:46 ` Jamie Lokier
2001-10-13 21:43 ` Aaron Lehmann
2001-10-13 22:27 ` Eric W. Biederman
2001-10-13 22:50 ` Aaron Lehmann
2001-10-15 11:24 ` Jamie Lokier
2001-10-13 22:19 ` Linus Torvalds
2001-10-14 6:49 ` Eric W. Biederman
2001-10-14 8:17 ` Xavier Bestel
2001-10-14 15:40 ` Linus Torvalds
2001-10-14 18:49 ` Eric W. Biederman
2001-10-15 11:43 ` Jamie Lokier
2001-10-13 22:41 ` Richard Gooch
2001-10-15 11:35 ` Jamie Lokier
2001-10-15 11:51 ` Alexander Viro
2001-10-15 12:29 ` Jamie Lokier
2001-10-13 22:27 ` Linus Torvalds
2001-10-14 12:57 ` Security question: "Text file busy" overwriting executables but no Kai Henningsen
2001-10-14 21:43 ` Security question: "Text file busy" overwriting executables but not shared libraries? Mark H. Wood
2001-10-04 5:53 ` Richard Gooch
2001-10-04 20:39 ` Security question: "Text file busy" overwriting executables but Alan Cox
2001-10-05 16:30 ` Eric W. Biederman [this message]
2001-10-05 16:58 ` Linus Torvalds
2001-10-05 17:35 ` Horst von Brand
2001-10-05 17:44 ` Linus Torvalds
2001-10-05 18:51 ` Oliver Xymoron
2001-10-06 19:05 ` Eric W. Biederman
2001-10-14 8:02 ` [RFC] "Text file busy" when overwriting libraries Eric W. Biederman
2001-10-14 12:08 ` Alan Cox
2001-10-14 20:48 ` Eric W. Biederman
2001-10-15 1:44 ` Alan Cox
2001-10-15 2:06 ` Linus Torvalds
2001-10-15 10:11 ` Eric W. Biederman
2001-10-15 11:54 ` Alan Cox
2001-10-15 11:57 ` Alexander Viro
2001-10-15 12:08 ` Alan Cox
2001-10-15 12:11 ` Alexander Viro
2001-10-04 6:50 ` Security question: "Text file busy" overwriting executables but not shared libraries? George Greer
2001-10-04 12:54 ` John Levon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1zo76xd5w.fsf@frodo.biederman.org \
--to=ebiederm@xmission.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
--cc=viro@math.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox