
Re: The open() system call in f8 really broken...



Steve Grubb wrote:
> On Wednesday 15 August 2007 20:56:10 Steve Dickson wrote:
>> Now if I'm not mistaken, it's been legal since the 70s to use
>> O_CREAT without a mode because (depending on the OS) the mode
>> of the parent directory will be used (or something similar)...
>
> The problem is that without a mode being passed, the kernel uses whatever the stack contents are.
Well, the man pages do say something about using "the mode of the parent
directory", but all implementations are different...

> And yes, it's conceivable the stack contents could create a world writable setuid file which cannot ever be the intended operation.
The key word being "conceivable"... a hole that size would have been
found a long time ago... and because of these new constraints a
hole of this type cannot happen, which is a good thing... but just because
something is conceivable does not justify killing processes...

exportfs does not write setuid files, but it can cause a loss
of thousands of dollars when an entire development department
is idle because they can't log in because we decided to change
the meaning of open()... it just does not make sense to me...

Again, creating good program habits is a good thing, but at
what cost?

steved.
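The mechanism Grubb describes (the mode being read from whatever is left in a register or stack slot) and the defensive fix, as an added C example that is not part of this thread or of exportfs: mode_from_varargs mirrors how a libc open() wrapper pulls the mode out of its variadic list, create_checked is a hypothetical replacement that demands an explicit mode and re-checks the created file, and the /tmp path is a constructed scratch name.

```c
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* What a libc open() wrapper does with its variadic argument: the mode is
 * read only when O_CREAT is set, and a caller that omits it gets whatever sits
 * in that register or stack slot.  Assumes mode_t is unsigned int (Linux). */
static mode_t mode_from_varargs(int flags, ...)
{
    mode_t mode = 0;
    if (flags & O_CREAT) {
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, mode_t);
        va_end(ap);
    }
    return mode;
}

/* Bits that must never appear on a freshly created data file. */
static int has_unsafe_bits(mode_t m)
{
    return (m & (S_ISUID | S_ISGID | S_IWOTH)) != 0;
}

/* Replacement for bare open(path, O_CREAT|...): mode is required, and the result
 * is re-checked so a garbage mode or permissive umask leaves no dangerous bits. */
static int create_checked(const char *path, int flags, mode_t mode)
{
    struct stat st;
    int fd = open(path, flags | O_CREAT, mode);
    if (fd >= 0 && (fstat(fd, &st) < 0 || has_unsafe_bits(st.st_mode))) {
        close(fd);      /* never hand back a file carrying dangerous bits */
        unlink(path);
        fd = -1;
    }
    return fd;
}

int main(void)
{
    const char *path = "/tmp/open_mode_example";   /* constructed scratch path */
    int fd = create_checked(path, O_WRONLY | O_EXCL, 0600);
    printf("%s -> fd %d\n", path, fd);
    if (fd >= 0) { close(fd); unlink(path); }
    return fd < 0;
}
```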

