Date: Mon, 27 Nov 2000 22:26:51 -0700
From: Warner Losh <imp@village.org>
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: Peter Wemm <peter@netplex.com.au>, Alfred Perlstein <bright@wintelcom.net>, obrien@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c
Message-ID: <200011280526.WAA07436@harmony.village.org>
In-Reply-To: Your message of "Sun, 26 Nov 2000 23:05:15 EST." <200011270405.eAR45H578642@green.dyndns.org>
References: <200011270405.eAR45H578642@green.dyndns.org>

In message <200011270405.eAR45H578642@green.dyndns.org> "Brian F. Feldman" writes:
: There aren't many good solutions, but luckily this doesn't really seem to be
: a problem.  An open with O_NOFOLLOW prevents hapless symlink problems, but
: since it doesn't prevent hapless file-type problems... I'd like it if there
: was something like this:
:
:   * lstat() is used to verify permissions, in conjunction with
:     getgroups()/initgroups() and seteuid().
:   * the stat structure can be verified to be okay.  Normally, the next
:     step would be to open the file and fstat() and check if it's the
:     same -- but that is only alright for some things.  What if you
:     don't want to have called open() at all?
:   * the program calls int stathash(struct stat *sb) which returns a
:     reasonably-secure hash of the "telling" contents of the structure.
:   * the program then calls
:     open(name, O_RDONLY | O_NONBLOCK | O_STATHASH, hash).
:   * open(2) recognizes the overloading (O_STATHASH being mutex with
:     O_CREAT) and, after locking the vnode, VOP_STAT()s and checks the
:     hashes of the stats and returns an error if they do not match.

I think that STATHASH is a really bad idea.  The best solution is to run
with the right credentials, and then it just doesn't matter if some
hapless user tries to race you.  Win or lose the race, the kernel
won't open a file that the user doesn't have permission to open.

Cf, a really long discussion on this wrt HOSTALIASES in the NetBSD
lists.

Warner
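
The approach Warner describes (take on the user's credentials, then let the kernel decide), combined with the O_NOFOLLOW open and an fstat() file-type check on the descriptor, as an added C example that is not part of the original message or of inetd. `open_as_user` is a hypothetical name; the code assumes the caller has already set supplementary groups (for example with initgroups()) and that only regular files are acceptable.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from inetd): open `path` read-only while running
 * with the effective uid/gid of the user we act for.
 * Returns a descriptor, or -1 with errno set. */
int open_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    struct stat sb;
    int fd = -1, err = 0;

    /* Change the group first: once the euid is dropped we may no longer
     * have the privilege to change groups. */
    if (setegid(gid) == -1)
        return -1;
    if (seteuid(uid) == -1) {
        err = errno;
    } else {
        /* The kernel checks access against the user's credentials here, so
         * losing a rename/symlink race cannot yield a file the user could
         * not open anyway. O_NOFOLLOW refuses a symlink as the final path
         * component; O_NONBLOCK keeps a FIFO or device from hanging us. */
        fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
        if (fd == -1)
            err = errno;
        else if (fstat(fd, &sb) == -1)
            err = errno;
        else if (!S_ISREG(sb.st_mode))
            err = EINVAL;   /* file type checked on the fd, not the name */
        if (fd != -1 && err != 0) {
            close(fd);
            fd = -1;
        }
    }
    /* Failing to regain the original credentials is not recoverable. */
    if (seteuid(saved_uid) == -1 || setegid(saved_gid) == -1)
        abort();
    errno = err;
    return fd;
}
```

Because the type check runs on the already-open descriptor, there is no window between check and use for the name to be swapped.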