On Wed, Aug 09, 2000 at 01:33:36AM -0400, Theodore Ts'o wrote:
> Here's the latest Linux 2.4 Status page, which can also be found at
> [... ]
>
> To Check
Alan's last version of this file included an item ``file locking needs
checking for races'' in the ``To Check'' section which apparently got lost.
However, as of test5 there are still some mostly harmless races in
flock_lock_file and mandatory file locking has a few (related)
problems:
* locks_verify_area checks the wrong range if O_APPEND is set and
the current file position is not at the end of the file.
* dito if the file position changes between the call to locks_verify_area
and the actual read/write (requires a shared file pointer, an attacker
can use this to circumvent virtually any mandatory lock).
* active writes should prevent anyone from getting mandatory locks
for the area beeing written.
* active reads should prevent anyone from getting mandatory write
locks for the area beeing read.
regards Christian
-- THAT'S ALL FOLKS!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:18 EST