lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041124120806.GA592@excession.spiral-arm.org> Date: Wed, 24 Nov 2004 12:08:06 +0000 From: James Youngman <bugtraq@...ession.spiral-arm.org> To: Ognyan Kulev <ogi@....uni-sofia.bg> Cc: srevilak@...akeasy.net, parimiv@...haw.com, Martin Buchholz <Martin.Buchholz@....COM>, levon@...ementarian.org, bugtraq@...urityfocus.com, bug-findutils@....org Subject: Re: Changes to the filesystem while find is running - comments? On Wed, Nov 24, 2004 at 07:50:59AM +0200, Ognyan Kulev wrote: > James Youngman wrote: > >On Mon, Nov 22, 2004 at 06:05:43PM -0800, Martin Buchholz wrote: > >>Unlike replacing directories with symlinks, where the malicious > >>possibilities are evident, I don't see any malicious possibilities > >>arising out of mounted filesystems replaced by other filesystems. > > > >Is there a consensus agreeing with this point of view? If so, that > >would make the implementsation much simpler... > > This is not valid in GNU Hurd where it's natural translators to be set up > on file/directory by ordinary user. (Translators are user-space programs > that handle filesystem requests. st_dev/st_fsid is translator's PID and > "automounted" filesystems are called passive translators.) Hmm. The typical care we're considering is where root is running "find" and an ordinary user is trying to persuade find to perform an operation for him (e.g. delete a file which the user would not ordinarily be able to delete). This is not a root versus ordinary user issue, it's a user-1 versus user-2 issue. I would have assumed that security considerations would require that although ordinary Hurd users can set up translators, the translators they've set up would no appear in other users' views of the filesystem. If translators you've set up are invisible to me when I'm running "find", they can't be used to compromise my security, can they? I'm afraid I'm not that familiar with Hurd, but ensuring that GNU find works well on Hurd is obviously something that the FSF wants to do. Regards, James.
Powered by blists - more mailing lists