Re: O_NOLINK for open()

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Bodo Eggert <7eggert@...>

To: Brent Casavant <bcasavan@...>, <linux-kernel@...>

Subject: Re: O_NOLINK for open()

Date: Wednesday, September 12, 2007 - 6:33 pm

Brent Casavant <bcasavan@sgi.com> wrote:

[...]
quoted text> I could mmap a temporary tmpfs file (tmpfs so that if there is a
> machine crash no sensitive data persists) which is created with
> permissions of 0, immediately unlink it, and pass the file
> descriptor through an AF_UNIX socket.  This does open up a very
> small window of vulnerability if another process is able to chmod
> the file and open it before the unlink.

If the process can chmod the file, it can ptrace the daemon, too.
Or, using CAP_DAC_OVERRIDE, it can patch the daemon.

Both will void any security.

quoted text> However, it occurs to me that this problem goes away if there were
> a method create a file in an unlinked state to begin with.  However
> there does not appear to be any such mechanism in Linux's open()
> interface.

Having no window for creating stale temp files is nice to have. We only
need a clever fool to implement it.-) But since it's hard to get killed
just in the right moment for having a stale temp file, there is very low
interest for this feature.
-- 
You know you're in trouble when packet floods are competing to flood you.
        -- grc.com

Friß, Spammer: dnLqD2P@t.7eggert.dyndns.org npkrx@imrx.fp6.7eggert.dyndns.org
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: O_NOLINK for open(), Bodo Eggert, (Wed Sep 12, 6:33 pm)

Re: O_NOLINK for open(), Jan Kara, (Thu Sep 13, 5:13 am)

Re: O_NOLINK for open(), Bodo Eggert, (Fri Sep 14, 5:07 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Arjan van de Ven	[Patch v2] Make PCI extended config space (MMCONFIG) a driver opt-in
Tilman Schmidt	git guidance
Vu Pham	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Greg KH	[GIT PATCH] driver core patches against 2.6.24
git:
David Miller	Re: Git and GCC
Mike	I don't want the .git directory next to my code.
Steffen Prohaska	merge vs rebase: Is visualization in gitk the only problem?
David Kastrup	What is the idea for bare repositories?
openbsd-misc:
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Falk Brockerhoff	ftp-proxy and no route to host issue
Pieter Verberne	Remove escape characters from file
linux-netdev:
Chuck Lever	Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Stefan Richter	Re: [GIT]: Networking
jamal	Re: [LARTC] ifb and ppp

Latest forum posts


usb mic not detected	28 minutes ago	Applications and Utilities
Add ext2 inode field	9 hours ago	Linux kernel
the kernel how to power off the machine	19 hours ago	Linux kernel
struct gendisk via request_queue	21 hours ago	Linux kernel
page initialization during kernel initialization	1 day ago	Linux kernel
Read Transport Layer Data form network packets (tcp/ip)	2 days ago	Linux kernel
Getting blinking screen in Fedora 9	2 days ago	Linux general
Problem with kernel + libata	3 days ago	Linux kernel
How to detect usb device insertioin and removal event ?	3 days ago	Linux general
toshiba m30x-129 herbinaiton problem	3 days ago	Hardware

Show all forums...

Recent Tags

2.6.27 Linus Torvalds Intel -rc8 -rc quote 2.6.27-rc8 Linux bugs

more tags

Colocation donated by:

Online users

Syndicate