The open() system call in f8 really broken...

Eric Sandeen sandeen at redhat.com
Thu Aug 16 01:27:10 UTC 2007


Steve Dickson wrote:
> Steve Grubb wrote:
>> On Wednesday 15 August 2007 20:56:10 Steve Dickson wrote:
>>> Now if I'm not mistaken, it's been legal since the 70s to use
>>> O_CREAT without a mode because (depending on the OS) the mode
>>> of the parent directory will be used (or something similar)...
>> The problem is that without a mode being passed, the kernel uses whatever the 
>> stack contents are.
> well the man page does say something about using "the mode of the parent
> directory", but all implementations are different...

hmm isn't that talking about what the group defaults to?

It also says:

       mode must be specified when O_CREAT is in the flags, and is
       ignored otherwise.

Hard to argue with the "must".

>> And yes, it's conceivable the stack contents could create 
>> a world writable setuid file which cannot ever be the intended operation.
> The key word being "conceivable"... a hole that size would have been
> found a long time ago... and because of these new constraints a
> hole of this type cannot happen, which is a good thing... but just because
> something is conceivable does not justify killing processes...
> 
> exportfs does not write setuid files, but it can cause a loss
> of thousands of dollars when an entire development department
> is idle because they can't log in because we decided to change
> the meaning of open()... it just does not make sense to me...
> 
> Again, creating good program habits is a good thing, but at
> what cost?

Is there an explicit security risk to exposing the stack via the
uninitialized mode, in this way?

[esandeen at neon tmp]$ while true; do rm -f testfile; ./test testfile; ls -l testfile; done
--wSrwx--- 1 esandeen esandeen 0 Aug 15 20:21 testfile
---s--s--- 1 esandeen esandeen 0 Aug 15 20:21 testfile
--wxr-x--- 1 esandeen esandeen 0 Aug 15 20:21 testfile
-r--rws--T 1 esandeen esandeen 0 Aug 15 20:21 testfile
-r-s--x--- 1 esandeen esandeen 0 Aug 15 20:21 testfile
-r-S--x--- 1 esandeen esandeen 0 Aug 15 20:21 testfile
-rws-ws--T 1 esandeen esandeen 0 Aug 15 20:21 testfile
....

-Eric
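The defensive counterpart to the loop above, as an added example that is not part of the thread or of any Fedora package: a small C program that always passes an explicit mode to open() with O_CREAT (plus O_EXCL, so an existing file with unknown permissions is never reused), then reads back with fstat() the permission bits the kernel actually applied and checks that no setuid, setgid or world-writable bit slipped in. The file path, the FORBIDDEN_BITS mask and the helper names are this example's own assumptions.

```c
/* Added example (not from the mailing-list thread): create a file with an
 * explicit mode and verify the resulting permission bits with fstat(), so
 * that nothing like the random setuid/world-write bits seen in the ls
 * output above can come from uninitialized stack contents. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits we never want on a freshly created regular file (assumed policy). */
#define FORBIDDEN_BITS (S_ISUID | S_ISGID | S_IWOTH)

/* Create `path` with an explicit mode and return the permission bits the
 * kernel actually applied (the requested mode masked by umask), or -1 on
 * error. O_EXCL makes the call fail if the file already exists, so a file
 * whose mode we did not choose is never silently reused. */
int create_with_mode(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0) {
        perror("open");
        return -1;
    }
    struct stat st;
    if (fstat(fd, &st) < 0) {
        perror("fstat");
        close(fd);
        return -1;
    }
    close(fd);
    return (int)(st.st_mode & 07777);
}

/* Return 1 if `actual` is acceptable for a file created with `requested`:
 * no forbidden bits, and no bit that was not explicitly asked for. */
int mode_is_sane(int actual, mode_t requested)
{
    if (actual < 0)
        return 0;
    if (actual & FORBIDDEN_BITS)
        return 0;
    if ((mode_t)actual & ~requested)   /* bits we never requested */
        return 0;
    return 1;
}

/* Build a per-process path under /tmp (assumed writable) for the demo. */
void demo_path(char *buf, size_t len)
{
    snprintf(buf, len, "/tmp/open-mode-check.%ld", (long)getpid());
}

int main(void)
{
    char path[256];
    demo_path(path, sizeof path);
    unlink(path);                       /* start from a clean slate */

    int actual = create_with_mode(path, 0600);
    printf("%s: requested 0600, got %04o -> %s\n", path,
           (unsigned)(actual < 0 ? 0 : actual),
           mode_is_sane(actual, 0600) ? "ok" : "UNSAFE");

    unlink(path);
    return actual < 0 ? 1 : 0;
}
```

Because the requested mode is 0600, the bits read back can only be 0600 or a umask-reduced subset of it; run under the same `while true` loop as above, every iteration prints the same permissions. With glibc's `_FORTIFY_SOURCE` enabled, a call to open() that sets O_CREAT without a mode argument is already rejected at compile time when the flags are constant and aborts at run time otherwise, which is the behaviour the thread is debating; passing the mode explicitly satisfies that check as well as the man page's "must".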




More information about the Fedora-maintainers mailing list