[bug #26960] firmlink opens target with client specified flags
From: Carl Fredrik Hammar
Subject: [bug #26960] firmlink opens target with client specified flags
Date: Sat, 04 Jul 2009 16:05:52 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061208 Iceweasel/3.0.9 (Debian-3.0.9-1)
URL:
<http://savannah.gnu.org/bugs/?26960>
Summary: firmlink opens target with client specified flags
Project: The GNU Hurd
Submitted by: hammy
Submitted on: Sat 04 Jul 2009 06:05:50 PM CEST
Category: Hurd Servers
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Reproducibility: None
Size (loc): None
Planned Release: None
Effort: 0.00
Wiki-like text discussion box:
_______________________________________________________
Details:
firmlink opens its target file with any client specified open
flags, except O_CREAT. This makes it possible for a client
to read or write to the target of a firmlink using the firmlink's
authority (io_restrict_auth is not enough). It is also possible
for the client to halt firmlink's look-up midway through, using
O_NOLINK and O_NOTRANS.
A patch that fixes it has been attached. Also a program that
exploits the security-hole, just run it on a firmlink to a target
that it should not be permitted to read.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Sat 04 Jul 2009 06:05:51 PM CEST Name: 0001-Don-t-pass-client-flags-to-internal-firmlink-look-up.patch Size: 1kB
By: hammy
<http://savannah.gnu.org/bugs/download.php?file_id=18367>
-------------------------------------------------------
Date: Sat 04 Jul 2009 06:05:51 PM CEST Name: firmlink-read.c Size: 757B
By: hammy
<http://savannah.gnu.org/bugs/download.php?file_id=18368>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?26960>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
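
A simplified model of the flaw described in this report, added here as an illustration; it is not the attached patch, not firmlink-read.c and not Hurd code. The flag values, uids and function names are constructed, and the model assumes that access is checked at open time and that, after the fix, the client's flags are applied in a second open under the client's own identity. It covers only the read case, not O_NOLINK or O_NOTRANS.

```c
#include <stdio.h>
/* Constructed flag values for this model, not the Hurd's own definitions. */
enum { M_READ = 1, M_WRITE = 2, M_CREAT = 4 };
struct node   { int owner; int owner_only; };
struct handle { const struct node *np; int modes; int uid; };

/* Access is checked once, at open time, against the opener's uid. */
static int node_open(const struct node *np, int uid, int flags, struct handle *h)
{
    int want = flags & (M_READ | M_WRITE);
    if (want && np->owner_only && uid != np->owner) return -1;  /* denied */
    h->np = np; h->modes = want; h->uid = uid;
    return 0;
}

/* Before: the link (running as link_uid) forwards the client's flags, then
   swaps the identity on the handle; the granted modes stay as they were. */
static int lookup_before(const struct node *t, int link_uid, int client_uid,
                         int flags, struct handle *h)
{
    if (node_open(t, link_uid, flags & ~M_CREAT, h)) return -1;
    h->uid = client_uid;                /* stands in for io_restrict_auth */
    return 0;
}

/* After: the internal look-up passes no client flags; the flags are applied
   in a second open checked against the client's uid (model assumption). */
static int lookup_after(const struct node *t, int link_uid, int client_uid,
                        int flags, struct handle *h)
{
    struct handle internal;
    if (node_open(t, link_uid, 0, &internal)) return -1;
    return node_open(internal.np, client_uid, flags & ~M_CREAT, h);
}

/* Target readable only by uid 0, link runs as uid 0; 1 if the client can read. */
int client_reads_target(int fixed, int client_uid)
{
    struct node target = { 0, 1 };
    struct handle h = { 0, 0, 0 };
    int rc = (fixed ? lookup_after : lookup_before)(&target, 0, client_uid, M_READ, &h);
    return rc == 0 && (h.modes & M_READ) != 0;  /* reads are gated by open modes only */
}

int main(void)
{
    printf("before: %d  after: %d\n", client_reads_target(0, 1000), client_reads_target(1, 1000));
    return 0;
}
```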