lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 19 Mar 2008 16:28:08 -0600
From:	Matthew Wilcox <matthew@....cx>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	bugme-daemon@...zilla.kernel.org, joe@...itfly.org
Subject: Re: [Bugme-new] [Bug 10284] New: executables with read bit 'off' cannot open /dev/stdin

On Wed, Mar 19, 2008 at 02:31:08PM -0700, Andrew Morton wrote:
> > Problem Description: if the read bit of a binary executable is off, then open()
> > on /dev/stdin fails with a EACCES error.
> 
> This is, umm, unexpected?

I'm not sure it's unexpected.  It's undesirable, certainly.

> > open("/dev/stdin", O_RDONLY)            = -1 EACCES (Permission denied)
> > 
> > The last line shows a Permission denied error on opening /dev/stdin. If a
> > normal filesystem (i.e. not-/dev/) filename is used, the open works normally.
> > 
> > I have reproduced this on 2.4 and 2.6 kernels
> > Just a guess here: is an error flag from attempting to read the binary not
> > getting cleared and is being reported when trying to open stdin?

I think the guess is faulty.  Could you show ls -l /dev/stdin ?  On my
system, it reports:

lrwxrwxrwx 1 root root 15 2008-03-10 11:03 /dev/stdin -> /proc/self/fd/0

Wild guess: Users can't access /proc/ directories of executables with the
read-bit clear in order to prevent users from reading the state anyway.

I wonder how effective clearing the read-bit is these days.
Don't we all have source to all the applications anyway?  ;-)

-- 
Intel are signing my paycheques ... these opinions are still mine
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours.  We can't possibly take such
a retrograde step."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ