lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <92598.1461698716@turing-police.cc.vt.edu>
Date:	Tue, 26 Apr 2016 15:25:16 -0400
From:	Valdis.Kletnieks@...edu
To:	Al Viro <viro@...IV.linux.org.uk>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] a corner case of open(2)

On Tue, 26 Apr 2016 20:02:48 +0100, Al Viro said:

> > The biggest danger I can see is some shell script doing something like:
> >
> > foobar > $dir/$targetfile
> >
> > and $targetfile is unset. If we allow a program to get an open fd that refers
> > to a directory, what are the semantics of various operations on that fd?
>
> Huh?  We certainly do allow to get an open fd that refers to a directory -
> how else could ls(1) possibly work?  See getdents(2) - it does use an
> open file descriptor to specify the directory we operate upon.

Gaah.. I lost a few words in there - /bin/ls is *expecting* to operate on
a directory, so to calls getdents.   I meant some generic program that
opened a directory in error, and was expecting to act on "stream of bytes"

> We also do not allow opening directories for *write*, and in that case EISDIR
> is the right error (and we do return it).

OK, that and ftruncate() are about the only ways to cause trouble with a
directory opened by accident...


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ