Re: F_SETOWN...

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 23 Nov 1998 13:42:57 +0000 (GMT)


> case F_SETOWN:
>         err = 0;
>         filp->f_owner.pid = arg;
>         filp->f_owner.uid = current->uid;
>         filp->f_owner.euid = current->euid;
>         if (S_ISSOCK (filp->f_dentry->d_inode->i_mode))
>                 err = sock_fcntl (filp, F_SETOWN, arg);
>         break;
>
> Does no one else think that's just a little on the brain-damaged side? No
> sanity checks whatsoever in handing a filedesc to an arbitrary process
> number... no permissions check, no pid check, nothing.

Read a little further. In particular, read the send_sigio function and you'll
see the check is done at signal delivery time, where it should be done;
otherwise you could set up a SIGIO on a process that then execs a setuid
process you shouldn't be able to signal.

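The set-time versus delivery-time distinction from the reply above, as an added example that is not part of the original message and not kernel code. It is a userspace model: every struct and function name is hypothetical, the kill()-style credential rule is an assumption about what such a check compares, and the credential change is a simplified stand-in for the exec case.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model; all names are hypothetical, not kernel identifiers. */
struct fown { int pid; unsigned uid, euid; bool ok_at_set; };
struct task { int pid; unsigned uid, euid, suid; };

/* Assumed kill()-style rule: root, or a recorded id matches target uid/suid. */
static bool may_signal(const struct fown *f, const struct task *t)
{
    return f->euid == 0 || f->euid == t->uid || f->euid == t->suid ||
           f->uid == t->uid || f->uid == t->suid;
}

/* F_SETOWN as quoted: record the pid and the caller's ids. ok_at_set models
 * the alternative design that checks once, when the owner is set. */
static void model_setown(struct fown *f, const struct task *caller,
                         const struct task *target)
{
    f->pid = target->pid;
    f->uid = caller->uid;
    f->euid = caller->euid;
    f->ok_at_set = may_signal(f, target);
}

/* Would SIGIO reach the target? Either trust the cached set-time verdict or
 * re-evaluate against the target's credentials as they are now. */
static bool deliver(const struct fown *f, const struct task *t, bool recheck)
{
    return t->pid == f->pid && (recheck ? may_signal(f, t) : f->ok_at_set);
}

/* Constructed scenario: uid 1000 names pid 42 (also uid 1000) as owner, then
 * pid 42's ids all become 0, a simplified stand-in for the exec case. */
static bool scenario(bool check_at_delivery)
{
    struct task caller = { 41, 1000, 1000, 1000 };
    struct task target = { 42, 1000, 1000, 1000 };
    struct fown f;
    model_setown(&f, &caller, &target);
    target.uid = target.euid = target.suid = 0;
    return deliver(&f, &target, check_at_delivery);
}

int main(void)
{
    printf("set-time check only: delivered=%d\n", scenario(false));
    printf("delivery-time check: delivered=%d\n", scenario(true));
    return 0;
}
```

In the model, a verdict cached when the owner is set still permits delivery after the target's credentials change, while the check made at delivery refuses it.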