Message-ID: <20110811195033.GA17313@albatros>
Date:	Thu, 11 Aug 2011 23:50:34 +0400
From:	Vasiliy Kulikov <segoon@...nwall.com>
To:	linux-kernel@...r.kernel.org,
	Arnaldo Carvalho de Melo <acme@...hat.com>
Cc:	Ingo Molnar <mingo@...e.hu>, Ben Hutchings <ben@...adent.org.uk>,
	Christian Ohm <chr.ohm@....net>,
	David Ahern <dsahern@...il.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Jonathan Nieder <jrnieder@...il.com>,
	Mike Galbraith <efault@....de>,
	Paul Mackerras <paulus@...ba.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Stephane Eranian <eranian@...gle.com>
Subject: re: perf tools: Check $HOME/.perfconfig ownership

Hi,

The commit 069e3725dd9be3b759a98e8c80ac5fc38b392b23 introduced a check
whether $HOME/.perfconfig file is owned by the user.  Three comments here:

1) How may another user create a file in another user's home directory?  If
we assume he may do it, the situation is bad without any perf :(

2) If we assume (1) is somehow possible (e.g. another user may manipulate
this file only), there is a race against file creation/deletion and stat.

3) .perfconfig can be a symlink, so stat(2) should be changed to
lstat(2).


Thanks,

-- 
Vasiliy
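
Points 2 and 3 above can be illustrated with a check made on the opened descriptor instead of on the path. This is an added example, not part of the original message and not the perf code; the function names open_config_if_owned and demo and the /tmp file names are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a config file only if it is a regular file
 * owned by `owner`. Returns an open fd, or -1 if the file is refused. */
int open_config_if_owned(const char *path, uid_t owner)
{
	struct stat st;
	/* O_NOFOLLOW: fail if the last path component is a symlink (point 3).
	 * O_NONBLOCK: do not block if a FIFO was planted at this path. */
	int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);

	if (fd < 0)
		return -1;
	/* fstat() describes the object already opened, so replacing the path
	 * after this point cannot change what gets read (point 2). */
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
		close(fd);
		return -1;
	}
	return fd;
}

/* Constructed demo: a file we own plus a symlink to it. Returns 0 when the
 * file is accepted and the symlink and a wrong-owner check are refused. */
int demo(void)
{
	char file[] = "/tmp/perfconfig-demo-XXXXXX", link[64];
	int fd = mkstemp(file), ok, bad_link, bad_owner;

	if (fd < 0)
		return -1;
	close(fd);
	snprintf(link, sizeof(link), "%s.lnk", file);
	if (symlink(file, link) < 0) { unlink(file); return -1; }
	ok = open_config_if_owned(file, geteuid());
	bad_link = open_config_if_owned(link, geteuid());
	bad_owner = open_config_if_owned(file, geteuid() + 1);
	if (ok >= 0) close(ok);
	if (bad_link >= 0) close(bad_link);
	if (bad_owner >= 0) close(bad_owner);
	unlink(link); unlink(file);
	return (ok >= 0 && bad_link < 0 && bad_owner < 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

The caller reads the configuration from the returned descriptor, never by reopening the path.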