From owner-freebsd-fs  Fri Apr 10 08:15:15 1998
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA24721
          for freebsd-fs-outgoing; Fri, 10 Apr 1998 08:15:15 -0700 (PDT)
          (envelope-from owner-freebsd-fs@FreeBSD.ORG)
Received: from fred.muc.de (noidentity@dial018.lrz-muenchen.de [129.187.24.18])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id IAA24716
          for <freebsd-fs@freebsd.org>; Fri, 10 Apr 1998 08:15:12 -0700 (PDT)
          (envelope-from andi@fred.muc.de)
Received: (qmail 2659 invoked by uid 500); 10 Apr 1998 15:14:54 -0000
Message-ID: <19980410171454.39443@fred.muc.de>
Date: Fri, 10 Apr 1998 17:14:54 +0200
From: ak@muc.de
To: Wolfram Schneider <wosch@cs.tu-berlin.de>, Andi Kleen <ak@muc.de>
Cc: freebsd-fs@FreeBSD.ORG
Subject: Re: cvs commit: src/sbin/mount mntopts.h mount.8 mount.c src/sys/kern          vfs_lookup.c vfs_syscalls.c vfs_vnops.c src/sys/sys mount.h
References: <199804081832.LAA04184@freefall.freebsd.org> <k2emz5oqe9.fsf@zero.aec.at> <19980410164505.27668@panke.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <19980410164505.27668@panke.de>; from Wolfram Schneider on Fri, Apr 10, 1998 at 04:45:05PM +0200
Sender: owner-freebsd-fs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Apr 10, 1998 at 04:45:05PM +0200, Wolfram Schneider wrote:
> On 1998-04-10 13:41:18 +0200, Andi Kleen wrote:
> > > wosch       1998/04/08 11:32:00 PDT
> > >   Modified files:
> > >     sbin/mount           mntopts.h mount.8 mount.c 
> > >     sys/kern             vfs_lookup.c vfs_syscalls.c vfs_vnops.c 
> > >     sys/sys              mount.h 
> > >   Log:
> > >   New mount option nosymfollow. If enabled, the kernel lookup()
> > >   function will not follow symbolic links on the mounted
> > >   file system and return EACCES (Permission denied).
> > 
> > Note that this is not enough alone to prevent /tmp races. A malicious
> > user can still use a named pipe to feed the victim changed data.
> 
> [moved to freebsd-fs]
> 
> I can add a nonamedpipe option ;-)
Or include that with nodev (or does it do that already?)

> 
> A named pipe race is much harder to implement than a symlink race.
> How do you avoid dead locks?
What deadlocks? the exploit will be "single threaded" but I don't think
there are deadlocks. It is possible, that is what counts. Just use 
O_CREAT|O_EXCL always.


-A.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message