| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100318005358.GA24348@shell> Date: Wed, 17 Mar 2010 20:53:58 -0400 From: Valerie Aurora <vaurora@...hat.com> To: "J. R. Okajima" <hooanon05@...oo.co.jp> Cc: Alexander Viro <viro@...iv.linux.org.uk>, Miklos Szeredi <miklos@...redi.hu>, Dmitry Monakhov <dmonakhov@...nvz.org>, Jeff Layton <jlayton@...hat.com>, Christoph Hellwig <hch@...radead.org>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH] Show data flow for file copyup in unions On Wed, Mar 17, 2010 at 07:51:31AM +0900, J. R. Okajima wrote: > > Valerie Aurora: > > 1. Don't copyup if the operation would fail (e.g., open(O_WRONLY) on a > > file with mode 444). It's inefficient and a possible security hole to > > copy up a file if no write (or maybe even read) can occur anyway. > > Just a question. > How about this case? > When the file is writable (0644 or something) but its parent directory > is readonly (0555), do you think the file should be copied-up? This problem comes up with readdir() too, since we copy up all the directory entries from the lower layer on what is ostensibly a read-only access. I think what people will expect is that we copy up in that case. I can think of ways this can go wrong, but perhaps that should be an explicit requirement on the top-layer file system, that it can handle create/unlink() in a directory without write permission. -VAL -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists