| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100531104708.GR26177@thunk.org> Date: Mon, 31 May 2010 06:47:08 -0400 From: tytso@....edu To: Kees Cook <kees.cook@...onical.com> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-doc@...r.kernel.org, Randy Dunlap <rdunlap@...otime.net>, Andrew Morton <akpm@...ux-foundation.org>, Jiri Kosina <jkosina@...e.cz>, Dave Young <hidave.darkstar@...il.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, James Morris <jmorris@...ei.org>, Eric Paris <eparis@...hat.com>, David Howells <dhowells@...hat.com>, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, "Eric W. Biederman" <ebiederm@...ssion.com>, Tim Gardner <tim.gardner@...onical.com>, "Serge E. Hallyn" <serue@...ibm.com> Subject: Re: [PATCH v2] fs: block cross-uid sticky symlinks On Sun, May 30, 2010 at 08:04:02PM -0700, Kees Cook wrote: > - Violates POSIX. > - POSIX didn't consider this situation and it's not useful to follow > a broken specification at the cost of security. POSIX allows implementations to fail requested operations with a permission denied for reasons beyond that which is specified by the POSIX implementation. Indeed, POSIX doesn't specify the sticky bit at all, so implementations that implemented the sticky bit were able to pass POSIX precisely because it's OK to provide stricter semantics than that which is specified by POSIX. (The sticky bit is specified in the XSI exstension to the Single Unix Specification, but the same principle applies; it's OK for us have additional situations where we return EACCESS beyond that which was contemplated by POSIX/SUS; this alone wouldn't cause us to 'violate POSIX'.) So for people who to argue against this (which I believe to be a useful restriction, and not one that necessarily has to be done in a LSM), it's not sufficient to say that it is a POSIX violation, because it isn't. The sticky bit itself wasn't originally considered by POSIX, and many systems which implemented the sticky bit had no problems becoming ceritifed as POSIX compliant. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists