| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jul 2006 15:30:26 -0400 From: "Horst H. von Brand" <vonbrand@....utfsm.cl> To: Pekka Enberg <penberg@...helsinki.fi> cc: Petr Baudis <pasky@...e.cz>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, akpm@...l.org, viro@...iv.linux.org.uk, alan@...rguk.ukuu.org.uk, tytso@....edu, tigran@...itas.com Subject: Re: [RFC/PATCH] revoke/frevoke system calls V2 Pekka Enberg <penberg@...helsinki.fi> wrote: > On Thu, 2006-07-27 at 20:06 +0200, Petr Baudis wrote: > > Make that setuid root or just create log file owned by you and make root > > run it. Should be innocent enough, right? > > > > Well, except that you can revoke the log file before the shadow file is > > opened, at which point open() probably reuses the fd and the program > > conveniently logs to /etc/shadow. > No, the fd is leaked on purpose to avoid recycling. See revoke_fds for > details. Doesn't that violate a POSIX guarantee that the lowest unused fd is returned? If the leakage lasts "long enough", this gives an opportunity of a nice DoS by using up fds... -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists