Re: [VULN 4/4] Process auth man-in-the-middle

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [VULN 4/4] Process auth man-in-the-middle

From:	William ML Leslie
Subject:	Re: [VULN 4/4] Process auth man-in-the-middle
Date:	Fri, 5 Nov 2021 21:45:24 +1100

On Fri, 5 Nov 2021 at 21:41, Samuel Thibault <samuel.thibault@gnu.org> wrote:

William ML Leslie, le ven. 05 nov. 2021 21:18:50 +1100, a ecrit:
> > which makes the root filesystem reauthenticate all of the
> > processes file descriptors.
>
> It seems to eliminate a rather convenient method of delegation; a
> process opening a descriptor, forking and executing a child, and
> dropping privileges, while retaining access to that one resource.

reauthenticating doesn't mean closing. File permissions for open are
checked at the open step, not later on. But then there are other things
than just opening a file, such as starting a translator, which we don't
necessarily want to let the unprivileged-with-one-opened-file do.

Samuel

I see, thank you!

William ML Leslie

[Prev in Thread]

Current Thread

[Next in Thread]

[VULN 0/4] Hurd vulnerability details, Sergey Bugaev, 2021/11/02
- [VULN 1/4] Fake notifications, Sergey Bugaev, 2021/11/02
- [VULN 3/4] setuid exec race, Sergey Bugaev, 2021/11/02
- [VULN 2/4] No read-only mappings, Sergey Bugaev, 2021/11/02
- [VULN 4/4] Process auth man-in-the-middle, Sergey Bugaev, 2021/11/02
  - Re: [VULN 4/4] Process auth man-in-the-middle, William ML Leslie, 2021/11/05
    - Re: [VULN 4/4] Process auth man-in-the-middle, Samuel Thibault, 2021/11/05
    - Re: [VULN 4/4] Process auth man-in-the-middle, Samuel Thibault, 2021/11/05
    - Re: [VULN 4/4] Process auth man-in-the-middle, William ML Leslie <=
    - Re: [VULN 4/4] Process auth man-in-the-middle, Sergey Bugaev, 2021/11/05
    - Re: [VULN 4/4] Process auth man-in-the-middle, William ML Leslie, 2021/11/05
    - Re: [VULN 4/4] Process auth man-in-the-middle, Sergey Bugaev, 2021/11/05
- Re: [VULN 0/4] Hurd vulnerability details, Samuel Thibault, 2021/11/02
  - Re: [VULN 0/4] Hurd vulnerability details, Joan Lledó, 2021/11/02
  - Re: [VULN 0/4] Hurd vulnerability details, Vasileios Karaklioumis, 2021/11/02
  - Re: [VULN 0/4] Hurd vulnerability details, Ludovic Courtès, 2021/11/09
    - Re: [VULN 0/4] Hurd vulnerability details, Samuel Thibault, 2021/11/09
    - Re: [VULN 0/4] Hurd vulnerability details, Ludovic Courtès, 2021/11/17
- Re: [VULN 0/4] Hurd vulnerability details, Guy-Fleury Iteriteka, 2021/11/02

Prev by Date: Re: [VULN 4/4] Process auth man-in-the-middle
Next by Date: Re: [VULN 4/4] Process auth man-in-the-middle
Previous by thread: Re: [VULN 4/4] Process auth man-in-the-middle
Next by thread: Re: [VULN 4/4] Process auth man-in-the-middle
Index(es):
- Date
- Thread