|From:||Pavel Machek <pavel-AT-ucw.cz>|
|To:||kernel list <linux-kernel-AT-vger.kernel.org>, jack-AT-suse.cz|
|Subject:||symlinks with permissions|
|Date:||Sun, 25 Oct 2009 07:29:53 +0100|
|Cc:||linux-fsdevel-AT-vger.kernel.org, viro-AT-zeniv.linux.org.uk, jamie-AT-shareable.org|
...yes, they do exist, in /proc/self/fd/* . Unfortunately, their permissions are not actually checked during open, resulting in (obscure) security hole: if you have fd open for reading, you can reopen it for write, even through unix permissions would not allow that. Now... I'd like to close the hole. One way would be to actually check symlink permissions on open -- because those symlinks already have correct permissions. But ... then I got lost in vfs. Can someone help? Is there better way? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo... -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds