Re: [PATCH] new syscall: flink

Shaya Potter (spotter@cs.columbia.edu)
07 Apr 2003 12:17:21 -0400


On Mon, 2003-04-07 at 02:43, David Wagner wrote:
> H. Peter Anvin wrote:
> >Here is a better piece of sample code that actually shows a
> >permissions violation happening:
> >
> >[...]
> >mkdir("testdir", 0700) = 0
> >open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
> >write(3, "Ansiktsburk\n", 12) = 12
> >close(3) = 0
> >open("testdir/testfile", O_RDONLY) = 3
> >chmod("testdir", 0) = 0
> >open("/proc/self/fd/3", O_RDWR) = 4
> >write(4, "Tjo fidelittan hatt!\n", 21) = 21
>
> You're right! Good point. I retract the comments in my previous email.
> (I did try an experiment like this, but apparently not the right one.)
>
> My conclusion: /proc/*/fd is a security hole. It should be fixed.
> Do you agree?

I'm somewhat confused, why don't /proc/*/fd entries behave like normal
symbolic links? i.e. shouldn't the inodes just be a symbolic link to
the d_path() of the fd? Since symbolic links have to travel the entire
path (hence calling fs->permission() or vfs_permission() on each dir) it
should catch that problem.

Is my understanding of the design wrong? Or is that right, and it's just
the implementation that's broken?

just wondering, thanks,

shaya
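The comparison the message asks about, as an added example that is not part of the original post: a C program that reopens the same file O_RDWR through an ordinary symlink and through /proc/self/fd after the directory is set to mode 0. The scratch path under /tmp and the names `compare_reopen`, `reopen_result` and `try_open_rdwr` are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* errno from each O_RDWR reopen attempt; 0 means the open succeeded. */
struct reopen_result { int via_symlink; int via_procfd; };

static int try_open_rdwr(const char *path)
{
    int fd = open(path, O_RDWR);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Returns 0 when the comparison ran, -1 if the scratch setup failed. */
int compare_reopen(struct reopen_result *r)
{
    char dir[] = "/tmp/procfd-demo-XXXXXX";    /* constructed scratch dir */
    char file[64], lnk[64], procfd[64];
    int fd, ok = -1;
    if (!mkdtemp(dir)) return -1;              /* created with mode 0700 */
    snprintf(file, sizeof file, "%s/testfile", dir);
    snprintf(lnk, sizeof lnk, "%s.lnk", dir);  /* plain symlink, outside dir */
    fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd >= 0) {
        close(fd);
        fd = open(file, O_RDONLY);             /* the only descriptor kept */
    }
    if (fd >= 0 && symlink(file, lnk) == 0 && chmod(dir, 0) == 0) {
        snprintf(procfd, sizeof procfd, "/proc/self/fd/%d", fd);
        r->via_symlink = try_open_rdwr(lnk);   /* path walk through dir */
        r->via_procfd = try_open_rdwr(procfd); /* resolved from the open fd */
        ok = 0;
    }
    chmod(dir, 0700);                          /* restore so cleanup works */
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return ok;
}

int main(void)
{
    struct reopen_result r;
    if (compare_reopen(&r)) return 1;
    return printf("symlink errno=%d, /proc/self/fd errno=%d\n",
                  r.via_symlink, r.via_procfd) < 0;
}
```

Run it as an unprivileged user: the ordinary symlink is refused with EACCES at the mode-0 directory, and the second value shows whether the kernel under test still hands back a writable descriptor through /proc/self/fd.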
