| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090928132845.GC19778@shareable.org>
Date: Mon, 28 Sep 2009 14:28:45 +0100
From: Jamie Lokier <jamie@...reable.org>
To: Miklos Szeredi <miklos@...redi.hu>
Cc: Valdis.Kletnieks@...edu, linux@...blig.org, agruen@...e.de,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vfs: new O_NODE open flag
Miklos Szeredi wrote:
> BTW I just checked, and it is possible to re-open or promote an fd
> opened with O_NODE like this:
>
> char tmp[64];
>
> fd = open(filename, O_NODE | O_NOACCESS);
> /* ... */
> sprintf(tmp, "/proc/self/fd/%i", fd);
> fd_rw = open(tmp, O_RDWR);
>
> Now fd_rw is guaranteed to refer to the same inode as fd.
If someone passes you a file descriptor opened with O_RDONLY, you
shouldn't be able to upgrade it to O_RDWR unless you have access to
the file and could do a normal open() on the file.
I hope the above cannot convert O_NOACCESS to O_RDWR without checking
that you have access to the file.
Hmm. I have just tried, and you _can _use open("/proc/self/fd/%d",
O_RDWR) to re-open with more permissions when you can't access the
path which /proc/self/fd/%d pretends to link to. It looks a bit
dubious, as you might have been passed an O_RDONLY descriptor with the
intention that you can't write to it... Oh well!
-- Jamie
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists