Re: [PATCH] new syscall: flink

Malcolm Beattie (mbeattie@clueful.co.uk)
Mon, 7 Apr 2003 10:09:15 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew Morton: "Re: 2.5: NFS troubles"
Previous message: Olivier Galibert: "Re: [PATCH] new syscall: flink"

David Wagner writes:
> H. Peter Anvin wrote:
> >Alan Cox wrote:
> >> Suppose I give you an O_RDONLY handle to a file which you then
> >> flink and gain write access too ?
> >
> >This, I believe, is the real issue. However, we already have that
> >problem:
>
> No, I don't think we already have that problem. I think flink()
> would introduce a new security hole not already present.

Here's another example along similar lines: you can open a file
O_APPEND and pass the descriptor along to another process (e.g. a
security mediator process that hands out a file descriptor to a
less-trusted recipient that it can use for appending entries only).
fcntl() explicity prevents the clearing of the O_APPEND flag on a
file which was opened with O_APPEND. With flink, one could flink()
and re-open without O_APPEND: security hole.

--Malcolm

-- 
Malcolm Beattie <mbeattie@clueful.co.uk>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: 2.5: NFS troubles"
Previous message: Olivier Galibert: "Re: [PATCH] new syscall: flink"