| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0608071720510.29055@turbotaz.ourhouse> Date: Mon, 7 Aug 2006 17:24:08 -0500 (CDT) From: Chase Venters <chase.venters@...entec.com> To: Edgar Toernig <froese@....de> cc: Pekka Enberg <penberg@...helsinki.fi>, Pavel Machek <pavel@....cz>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, akpm@...l.org, viro@...iv.linux.org.uk, alan@...rguk.ukuu.org.uk, tytso@....edu, tigran@...itas.com Subject: Re: [RFC/PATCH] revoke/frevoke system calls V2 On Mon, 7 Aug 2006, Edgar Toernig wrote: > > Your implementation is much cruder - it simply takes the fd > away from the app; any future use gives EBADF. As a bonus, > it works for regular files and even goes as far as destroying > all mappings of the file from all processes (even root processes). > IMVHO this is a disaster from a security and reliability point > of view. > I can see the value in these system calls, but I agree that the implementation is crude. "EBADF" is not something that applications are taught to expect. Someone correct me if I'm wrong, but I can think of no situation under which a file descriptor currently gets yanked out from under your feet -- you should always have to formally abandon it with close(). This kind of thing only looks proper if it leaves the file descriptor in place and just returns errors / EOF when you attempt to access it. Thanks, Chase - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists