[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: [LightDM] Version 1.0.6 released
From: Guido Berhoerster <gber () opensuse ! org>
Date: 2011-11-22 22:51:36
Message-ID: 20111122225135.GE10743 () wopr
[Download RAW message or body]
* Yves-Alexis Perez <corsac@debian.org> [2011-11-22 22:39]:
> On ven., 2011-11-11 at 13:27 -0500, Marc Deslauriers wrote:
> > On Fri, 2011-11-11 at 10:05 +0000, John Haxby wrote:
> > > On 11/11/11 08:06, Guido Berhoerster wrote:
> > > > Replacing the file between the lstat and the open would change
> > > > its inode and then be caught by the check before the fchown, no?
> > >
> > > Nope. There is no reason why the same inode should not be reused.
> > >
> > > On ext4 (btrfs seems to be different):
> > >
> > > $ touch test; ls -i test; rm test; touch test; ls -i test
> > > 656078 test
> > > 656078 test
> > >
> > > jch
> >
> > How about the attached patch?
> >
> > Marc.
>
> Note that O_NOFOLLOW seems to be Linux-only. Any idea how to handle it
> on other ports?
No, it's specified in POSIX.1-2008, at least Linux, FreeBSD and
Solaris 10 implemented it long before that.
--
Guido Berhoerster
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic