From: Pétur Ingi Egilsson
To: Dirk Engling
Cc: freebsd-security@freebsd.org
Subject: Re: File descriptors
Date: Sun, 14 Apr 2013 10:48:28 +0200
Message-Id: <000A44DA-4A24-48C8-A4B2-EE9473A03C38@petur.eu>
In-Reply-To: <5169F961.7030407@erdgeist.org>

The general understanding by users, be it right or wrong, is that
whenever a file's permission is changed, then the effect is immediate
everywhere in the system.
This wrong mental model _could_ result in malicious access to a file.

I merely wanted to bring the issue to your attention.

- pétur

On 14/04/2013, at 02:33, Dirk Engling wrote:

> On 13.04.13 20:29, Pétur Ingi Egilsson wrote:
>
>> I noticed that if I execute the following code, then the program is
>> able to read the file even if the file's permissions are changed around
>> the /mark/ section in such a way that the UID under which the program is
>> running should not have any permission to read the file.
>>
>> This is not a desirable behaviour.
>> How can I prevent this behaviour on my system?
>
> Pétur,
>
> you may have a wrong understanding of what the difference between a file
> and its names is. The moment you open a file, the system call checks the
> permissions and if you are allowed to read the file, returns another
> name for your file, the fd.

I am aware of the difference.

>
> If you change permissions on the file name in the file system, your file
> descriptor is not affected. The overhead for chasing changes in your
> directory structure (and nothing else is changing permissions) on every
> read() system call would just not be bearable.

Understood.

>
> You can even delete the file from the file system and still reference
> the content by your descriptor. Only when the last name of your file is
> gone (i.e. you fclose your descriptor) the file is actually removed from
> the file system
>
>> fd = fopen(argv[2], "r");
>
> I am pretty sure, this should rather read argv[1]

Indeed.

>
> erdgeist
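
The behaviour discussed in this thread, as an added example that is not part of the original messages: a C program that opens a constructed temp file, strips its permission bits, then unlinks it, and records what the already-open descriptor can still do. The struct, the function name and the /tmp scratch path are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_demo {
    ssize_t read_after_chmod;    /* bytes read via the old fd after chmod 000 */
    int     reopen_after_chmod;  /* errno of a fresh open() after chmod, 0 if it worked */
    ssize_t read_after_unlink;   /* bytes read via the old fd after unlink() */
    int     reopen_after_unlink; /* errno of a fresh open() after unlink() */
};

/* Runs the scenario on a constructed temp file; returns 0, or -1 if setup failed. */
int run_fd_demo(struct fd_demo *out)
{
    static const char data[] = "constructed sample data\n";
    char path[] = "/tmp/fdperm-XXXXXX";   /* hypothetical scratch path */
    char buf[64];
    int fd, fd2, wfd = mkstemp(path);     /* file is created with mode 0600 */

    memset(out, 0, sizeof *out);
    if (wfd < 0) return -1;
    if (write(wfd, data, sizeof data - 1) < 0) { close(wfd); unlink(path); return -1; }
    close(wfd);
    if ((fd = open(path, O_RDONLY)) < 0) { unlink(path); return -1; } /* access checked here */

    chmod(path, 0);                       /* the "mark": all permission bits removed */
    out->read_after_chmod = pread(fd, buf, sizeof buf, 0);   /* old fd still reads */
    if ((fd2 = open(path, O_RDONLY)) < 0) out->reopen_after_chmod = errno;
    else close(fd2);                      /* only a privileged caller gets here */

    unlink(path);                         /* remove the file's last name */
    out->read_after_unlink = pread(fd, buf, sizeof buf, 0);  /* data still reachable */
    if ((fd2 = open(path, O_RDONLY)) < 0) out->reopen_after_unlink = errno;
    else close(fd2);
    close(fd);                            /* last reference gone: storage is released */
    return 0;
}

int main(void)
{
    struct fd_demo r;
    if (run_fd_demo(&r) != 0) { perror("setup"); return 1; }
    printf("after chmod 000: read=%zd reopen_errno=%d\n", r.read_after_chmod, r.reopen_after_chmod);
    printf("after unlink:    read=%zd reopen_errno=%d\n", r.read_after_unlink, r.reopen_after_unlink);
    return 0;
}
```

On FreeBSD, fstat(1) lists the processes that still hold a given file open, which is the check to run after tightening permissions on a sensitive file.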