| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20091030203715.GA28901@emergent.ellipticsemi.com> Date: Fri, 30 Oct 2009 16:37:15 -0400 From: Nick Bowler <nbowler@...iptictech.com> To: Pavel Machek <pavel@....cz> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Trond Myklebust <trond.myklebust@....uio.no>, Jan Kara <jack@...e.cz>, "J. Bruce Fields" <bfields@...ldses.org>, "Serge E. Hallyn" <serue@...ibm.com>, kernel list <linux-kernel@...r.kernel.org>, linux-fsdevel@...r.kernel.org, viro@...iv.linux.org.uk, jamie@...reable.org Subject: Re: symlinks with permissions On 19:35 Fri 30 Oct , Pavel Machek wrote: > > How many linux shell scripts and other applications that use /dev/fd/N > > or /proc/self/fd/N will you be breaking? > > Zero. (Well unless someone is exploiting it in wild). I've definitely written at least one script before that does something along the lines of 'echo foo > /dev/fd/N'. It's not one that I remember anything else about, so perhaps its behaviour would be unaffected by forbidding this if the particular file descriptor did not originally have read-write permissions. I have a hard time believing that amongst millions of users, not one of them has a script that would be affected. Frankly, I don't understand what is particularly surprising about the fact that people can write to files with world write permissions. -- Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists