Re: O_NOLINK for open()

From: Andreas Schwab
Date: Wed Sep 12 2007 - 18:04:22 EST

Next message: Mark Lord: "Re: Problems with USB disk [solved]"
Previous message: Greg KH: "Re: [PATCH] pci: fix unterminated pci_device_id lists"
In reply to: H. Peter Anvin: "Re: O_NOLINK for open()"
Next in thread: Brent Casavant: "Re: O_NOLINK for open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Brent Casavant <bcasavan@xxxxxxx> writes:

> I could mmap a temporary tmpfs file (tmpfs so that if there is a
> machine crash no sensitive data persists) which is created with
> permissions of 0, immediately unlink it, and pass the file
> descriptor through an AF_UNIX socket. This does open up a very
> small window of vulnerability if another process is able to chmod
> the file and open it before the unlink.

Only the owner can chmod a file, so why is that a vulnerability?

Andreas.

--
Andreas Schwab, SuSE Labs, schwab@xxxxxxx
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Lord: "Re: Problems with USB disk [solved]"
Previous message: Greg KH: "Re: [PATCH] pci: fix unterminated pci_device_id lists"
In reply to: H. Peter Anvin: "Re: O_NOLINK for open()"
Next in thread: Brent Casavant: "Re: O_NOLINK for open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]