lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 24 Nov 2004 12:08:06 +0000
From: James Youngman <bugtraq@...ession.spiral-arm.org>
To: Ognyan Kulev <ogi@....uni-sofia.bg>
Cc: srevilak@...akeasy.net, parimiv@...haw.com,
	Martin Buchholz <Martin.Buchholz@....COM>,
	levon@...ementarian.org, bugtraq@...urityfocus.com, bug-findutils@....org
Subject: Re: Changes to the filesystem while find is running - comments?


On Wed, Nov 24, 2004 at 07:50:59AM +0200, Ognyan Kulev wrote:
> James Youngman wrote:
> >On Mon, Nov 22, 2004 at 06:05:43PM -0800, Martin Buchholz wrote:
> >>Unlike replacing directories with symlinks, where the malicious
> >>possibilities are evident, I don't see any malicious possibilities
> >>arising out of mounted filesystems replaced by other filesystems.
> >
> >Is there a consensus agreeing with this point of view?  If so, that
> >would make the implementsation much simpler...
> 
> This is not valid in GNU Hurd where it's natural translators to be set up 
> on file/directory by ordinary user.  (Translators are user-space programs 
> that handle filesystem requests.  st_dev/st_fsid is translator's PID and 
> "automounted" filesystems are called passive translators.)

Hmm.  The typical care we're considering is where root is running
"find" and an ordinary user is trying to persuade find to perform an
operation for him (e.g. delete a file which the user would not
ordinarily be able to delete).  This is not a root versus ordinary
user issue, it's a user-1 versus user-2 issue.

I would have assumed that security considerations would require that
although ordinary Hurd users can set up translators, the translators
they've set up would no appear in other users' views of the
filesystem.  If translators you've set up are invisible to me when I'm
running "find", they can't be used to compromise my security, can
they?  

I'm afraid I'm not that familiar with Hurd, but ensuring that GNU find
works well on Hurd is obviously something that the FSF wants to do.

Regards,
James.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ