| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jun 2008 13:05:31 +0200 From: "Michael Kerrisk" <mtk.manpages@...glemail.com> To: "Miklos Szeredi" <miklos@...redi.hu> Cc: drepper@...hat.com, viro@...iv.linux.org.uk, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-man@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH] utimensat() non-conformances and fixes [v3] Hi Miklos, > 2) I've found yet another divergence from the spec -- but this > was in the original implementation, rather than being > something that has been introduced. In do_futimes() there is > > if (!times && !(file->f_mode & FMODE_WRITE)) > write_error = -EACCES; > > However, the check here should not be against the f_mode (file access > mode), but the against actual permission of the file referred to by > the underlying descriptor. This means that for the do_futimes() + > times==NULL case, a set-user-ID root program could open a file > descriptor O_RDWR/O_WRONLY for which the real UID does not have write > access, and then even after reverting the the effective UID, the real > user could still update file. > > I'm not sure of the correct way to get the required nameidata (to do a > vfs_permission() call) from the file descriptor. Can you give me a > tip there? Could you point me at the right way of doing this? Cheers, Michael -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists