Date:	Thu, 10 Dec 2009 08:39:02 +0100
From:	Pavel Machek <pavel@....cz>
To:	Miklos Szeredi <miklos@...redi.hu>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, luto@....edu,
	akpm@...ux-foundation.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] vfs: new O_NODE open flag

On Mon 2009-12-07 13:41:09, Miklos Szeredi wrote:
> On Mon, 7 Dec 2009, Alan Cox wrote:
> > The standard udev unload is a true open barrier so has an implicit
> > revoke() caused by the fact you cannot keep a handle to the filename open
> > during the udev sequence (or the old driver would be pinned by a refcount
> > and not unload).
> 
> True, udev unload is an open barrier (modulo races), but O_NODE opens
> simply don't matter in this respect, because they don't have anything
> to do with the driver.
> 
>   ln /dev/foo /dev/shm/my_secret_device_link
>   (foo is removed)
>   open("/dev/shm/my_secret_device_link", O_RDWR)
> 
> How is this different than keeping the device open with O_NODE?

First version needs writable directory on same fs as /dev, which may
not be there in all configs. (Plus note various 'security enhanced'
linuxes that do not allow hardlinks on files you don't own. Maybe
someone uses subterfugue.sf.net to disallow hardlinks.)

Plus, you can see hardlinks on ta-daa 'link count'.
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
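
The link-count check mentioned in the reply above, as an added example that is not part of the original message: Python code that walks a tree such as /dev and reports device inodes whose `st_nlink` is above 1, along with how many of those names lie outside the scanned tree. The function names and the `SAMPLE` entries are constructed for illustration.

```python
import os
import stat
from collections import defaultdict
from types import SimpleNamespace


def walk_lstat(root):
    """Yield (path, lstat result) for every non-directory entry under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable


def multilinked_devices(entries):
    """Report character/block device inodes with more than one hard link.

    Returns {(st_dev, st_ino): (nlink, names seen, count of names not seen)}.
    """
    seen = defaultdict(list)
    nlink = {}
    for path, st in entries:
        if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
            key = (st.st_dev, st.st_ino)
            seen[key].append(path)
            nlink[key] = st.st_nlink
    return {
        key: (nlink[key], sorted(paths), nlink[key] - len(paths))
        for key, paths in seen.items()
        if nlink[key] > 1
    }


# Constructed sample: /dev/foo has one extra name outside the scanned tree.
SAMPLE = [
    ("/dev/foo", SimpleNamespace(st_mode=stat.S_IFCHR | 0o660, st_dev=5, st_ino=101, st_nlink=2)),
    ("/dev/null", SimpleNamespace(st_mode=stat.S_IFCHR | 0o666, st_dev=5, st_ino=102, st_nlink=1)),
    ("/dev/log.txt", SimpleNamespace(st_mode=stat.S_IFREG | 0o644, st_dev=5, st_ino=103, st_nlink=3)),
]

if __name__ == "__main__":
    for key, (n, names, unseen) in multilinked_devices(walk_lstat("/dev")).items():
        print(f"dev={key[0]} ino={key[1]} nlink={n} names={names} unseen={unseen}")
```

A non-zero `unseen` count means another name for the device node exists on the same filesystem but outside the directory that was walked.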