dynamic /dev security hole?

From: Albert Cahalan
Date: Sun Aug 08 2004 - 10:20:25 EST


Suppose I have access to a device, for whatever legit
reason. Maybe I'm given access to a USB key with
some particular serial number.

I hard link this to somewhere else. Never mind that an
admin could in theory use 42 separate partitions and
mount most of the system with the "nodev" option. This
is rarely done.

Now the device is removed. The /dev entry goes away.
A new device is added, and it gets the same device
number as the device I had legit access to. Hmmm?

I should mention open file descriptors too, though I
think the transition away from doing dev_t lookups in
the read()/write()/etc. code has taken care of that.
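
A defender-side audit for the scenario described in the message, as an added example that is not part of the original post: it lists block and character device nodes that live outside /dev and notes which of them carry a device number currently held by a live /dev entry. The function names and the `Finding` record are hypothetical, chosen for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

# Hypothetical record type for this example, not from any existing tool.
Finding = namedtuple("Finding", "path kind major minor nlink uid mode live_dev")

def classify(path, st, live):
    """Return a Finding if st is a block/char device node, else None."""
    if stat.S_ISBLK(st.st_mode):
        kind = "b"
    elif stat.S_ISCHR(st.st_mode):
        kind = "c"
    else:
        return None
    # live maps (kind, st_rdev) to the /dev path that holds that number now.
    return Finding(path, kind, os.major(st.st_rdev), os.minor(st.st_rdev),
                   st.st_nlink, st.st_uid, stat.S_IMODE(st.st_mode),
                   live.get((kind, st.st_rdev)))

def walk_nodes(root):
    """Yield (path, lstat result) for non-directory entries under root."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable

def audit(root, dev_dir="/dev"):
    """List device nodes under root that are located outside dev_dir."""
    live = {}
    for path, st in walk_nodes(dev_dir):
        f = classify(path, st, {})
        if f:
            live[(f.kind, st.st_rdev)] = path
    prefix = os.path.join(os.path.abspath(dev_dir), "")
    findings = []
    for path, st in walk_nodes(root):
        f = classify(path, st, live)
        if f and not os.path.abspath(path).startswith(prefix):
            findings.append(f)
    return findings

if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f.path, f.kind, f"{f.major}:{f.minor}", f"links={f.nlink}", f"live={f.live_dev}")
```

A node reported with a non-empty `live_dev` opens whatever device holds that number today, regardless of which device it was created for; on a filesystem mounted with the "nodev" option such nodes cannot be opened as devices.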

