[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [VULN 4/4] Process auth man-in-the-middle
|
From: |
Samuel Thibault |
|
Subject: |
Re: [VULN 4/4] Process auth man-in-the-middle |
|
Date: |
Fri, 5 Nov 2021 11:40:52 +0100 |
|
User-agent: |
NeoMutt/20170609 (1.8.3) |
William ML Leslie, le ven. 05 nov. 2021 21:18:50 +1100, a ecrit:
> > which makes the root filesystem reauthenticate all of the
> > processes file descriptors.
>
> It seems to eliminate a rather convenient method of delegation; a
> process opening a descriptor, forking and executing a child, and
> dropping privileges, while retaining access to that one resource.
reauthenticating doesn't mean closing. File permissions for open are
checked at the open step, not later on. But then there are other things
than just opening a file, such as starting a translator, which we don't
necessarily want to let the unprivileged-with-one-opened-file do.
Samuel
- [VULN 0/4] Hurd vulnerability details, Sergey Bugaev, 2021/11/02
- [VULN 1/4] Fake notifications, Sergey Bugaev, 2021/11/02
- [VULN 3/4] setuid exec race, Sergey Bugaev, 2021/11/02
- [VULN 2/4] No read-only mappings, Sergey Bugaev, 2021/11/02
- [VULN 4/4] Process auth man-in-the-middle, Sergey Bugaev, 2021/11/02
- Re: [VULN 4/4] Process auth man-in-the-middle, William ML Leslie, 2021/11/05
- Re: [VULN 4/4] Process auth man-in-the-middle, Samuel Thibault, 2021/11/05
- Re: [VULN 4/4] Process auth man-in-the-middle,
Samuel Thibault <=
- Re: [VULN 4/4] Process auth man-in-the-middle, William ML Leslie, 2021/11/05
- Re: [VULN 4/4] Process auth man-in-the-middle, Sergey Bugaev, 2021/11/05
- Re: [VULN 4/4] Process auth man-in-the-middle, William ML Leslie, 2021/11/05
- Re: [VULN 4/4] Process auth man-in-the-middle, Sergey Bugaev, 2021/11/05
Re: [VULN 0/4] Hurd vulnerability details, Samuel Thibault, 2021/11/02