lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ac3eb2511001141345w64d42ceckb4d73815298761c2@mail.gmail.com>
Date:	Thu, 14 Jan 2010 22:45:12 +0100
From:	Kay Sievers <kay.sievers@...y.org>
To:	Henrique de Moraes Holschuh <hmh@....eng.br>
Cc:	Greg KH <greg@...ah.com>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: Driver-Core: devtmpfs - reset inode permissions before unlinking

On Thu, Jan 14, 2010 at 22:07, Henrique de Moraes Holschuh
<hmh@....eng.br> wrote:
> On Thu, 14 Jan 2010, Kay Sievers wrote:
>> On Thu, Jan 14, 2010 at 21:53, Henrique de Moraes Holschuh
>> <hmh@....eng.br> wrote:
>> > On Wed, 13 Jan 2010, Kay Sievers wrote:
>> >> across the device lifetime by creating hardlinks, in the unusual case
>> >> that there is a user-writable directory on the same filesystem.
>> >
>> > Does a tmpfs mounted in /dev/shm count as "user-writable directory on the
>> > same filesystem" ?
>>
>> Not if it's a separate tmpfs mount, which is recommended. Only if it's
>> just a plain directory on the /dev filesystem.
>
> Yeah, I noticed the abusurdity of my question when I re-read it, thanks for
> being kind in the reply.
>
> That said, this does fix a possible security problem when a misconfigured
> system is used, and the fix looks rather simple...  Can it go to -stable
> eventually, even if it is months in the future, after it gets some testing
> in .34 ?   Minor problems are still problems...

Sure, we could do that. There is some stuff in the current .33 kernel,
which could go into .32-stable too, if that's useful.

Kay
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ