Re: [PATCH] new syscall: flink

David Wagner (daw@mozart.cs.berkeley.edu)
7 Apr 2003 17:37:36 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Mosberger: "Re: Same syscall is defined to different numbers on 3 different archs(was"
Previous message: Grover, Andrew: "RE: 2.5.66-bk12: acpi_power_off: sleeping function called from il"
Maybe in reply to: Ulrich Drepper: "[PATCH] new syscall: flink"
Next in thread: H. Peter Anvin: "Re: [PATCH] new syscall: flink"

Clayton Weaver wrote:
>Once a process unlinks the last directory entry referencing a particular
>inode that it has an
>open fd for and then passes the open fd to some other process
>(regardless of exactly how it does that), it seems to me that it has
>conceded any interest in the previous security constraints associated
>with that inode or with the recently
>unlinked last directory entry for it.

Huh? That's not the Unix model. If I pass you a read-only file
descriptor, you're not supposed to be able to get write access to
the fd. If you can, that's a security hole. This is true whether
the fd refers to an inode still linked into the filesystem or not.

>The cases with potential security implications are all in the context of
>flink()ing to an open fd for an inode that still corresponds to at least
>one directory entry.

No, that's not correct.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Mosberger: "Re: Same syscall is defined to different numbers on 3 different archs(was"
Previous message: Grover, Andrew: "RE: 2.5.66-bk12: acpi_power_off: sleeping function called from il"
Maybe in reply to: Ulrich Drepper: "[PATCH] new syscall: flink"
Next in thread: H. Peter Anvin: "Re: [PATCH] new syscall: flink"