URL: <http://savannah.gnu.org/bugs/?26960>
Summary: firmlink opens target with client specified flags
Project: The GNU Hurd
Submitted by: hammy
Submitted on: Sat 04 Jul 2009 06:05:50 PM CEST
Category: Hurd Servers
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Reproducibility: None
Size (loc): None
Planned Release: None
Effort: 0.00
Wiki-like text discussion box:

_______________________________________________________

Details:

firmlink opens its target file with any client-specified open flags, except O_CREAT. This makes it possible for a client to read or write to the target of a firmlink using the firmlink's authority (io_restrict_auth is not enough). It is also possible for the client to halt firmlink's look-up midway through, using O_NOLINK and O_NOTRANS.

A patch that fixes it has been attached. Also a program that exploits the security hole; just run it on a firmlink to a target that it should not be permitted to read.

_______________________________________________________

File Attachments:

-------------------------------------------------------
Date: Sat 04 Jul 2009 06:05:51 PM CEST  Name: 0001-Don-t-pass-client-flags-to-internal-firmlink-look-up.patch  Size: 1kB  By: hammy
<http://savannah.gnu.org/bugs/download.php?file_id=18367>
-------------------------------------------------------
Date: Sat 04 Jul 2009 06:05:51 PM CEST  Name: firmlink-read.c  Size: 757B  By: hammy
<http://savannah.gnu.org/bugs/download.php?file_id=18368>

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/bugs/?26960>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/