User: Password:
|
|
Subscribe / Log in / New account

symlinks with permissions

From:  Pavel Machek <pavel-AT-ucw.cz>
To:  kernel list <linux-kernel-AT-vger.kernel.org>, jack-AT-suse.cz
Subject:  symlinks with permissions
Date:  Sun, 25 Oct 2009 07:29:53 +0100
Message-ID:  <20091025062953.GC1391@ucw.cz>
Cc:  linux-fsdevel-AT-vger.kernel.org, viro-AT-zeniv.linux.org.uk, jamie-AT-shareable.org
Archive-link:  Article


...yes, they do exist, in /proc/self/fd/* . Unfortunately, their
permissions are not actually checked during open, resulting in
(obscure) security hole: if you have fd open for reading, you can
reopen it for write, even through unix permissions would not allow
that.

Now... I'd like to close the hole. One way would be to actually check
symlink permissions on open -- because those symlinks already have
correct permissions.

But ... then I got lost in vfs. Can someone help? Is there better way?

    	       	   	   	    	    	     	   	  Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo...
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



(Log in to post comments)


Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds