| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20091220210404.GN18217@ZenIV.linux.org.uk> Date: Sun, 20 Dec 2009 21:04:04 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: Pavel Machek <pavel@....cz> Cc: Jeff Layton <jlayton@...hat.com>, Jamie Lokier <jamie@...reable.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, miklos@...redi.hu Subject: Re: [PATCH 0/3] vfs: plug some holes involving LAST_BIND symlinks and file bind mounts (try #5) On Sun, Dec 20, 2009 at 08:59:03PM +0100, Pavel Machek wrote: > > WTF not? It's convenient and doesn't lose any real security. If your > > code relies on inaccessibility of <path> since some component of that > > path is inaccessible, you are *already* fscked. Consider e.g. fchdir() > > and its implications - if you have an opened descriptor for parent, > > having no exec permissions on grandparent won't stop you at all. Already. > > On all Unices, regardless of openat(), etc. > > Consider FD passing over unix socket. Passing R/O file descriptor to > the other task, then having the task write to the file is certainly bad. You've omitted the "R/O file descriptor of a file that is writable for that other task" part... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists