lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <89187.1461696097@turing-police.cc.vt.edu>
Date:	Tue, 26 Apr 2016 14:41:37 -0400
From:	Valdis.Kletnieks@...edu
To:	Al Viro <viro@...IV.linux.org.uk>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] a corner case of open(2)

On Tue, 26 Apr 2016 18:55:38 +0100, Al Viro said:

> 	It is a change of user-visible behaviour, but I would be very
> surprised if anything broke from that change.  And it would help to simplify
> the awful mess we have in there.

I have to admit that over the past 3 decades of working with Unix-y systems,
there's been a number of times I've had to resort to 'od -cx /your/dir/here'
to debug issues (/bin/ls -fi is *almost* equivalent, but doesn't show holes
in the directory)

The biggest danger I can see is some shell script doing something like:

foobar > $dir/$targetfile

and $targetfile is unset. If we allow a program to get an open fd that refers
to a directory, what are the semantics of various operations on that fd?


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ