Valdis.Kletnieksat_private wrote:

> On Wed, 18 Jul 2001 15:32:48 PDT, Crispin Cowan <crispinat_private> said:
> > If someone has a practical, detailed way to construct the name, please
> > speak up. Note that it is not sufficient to be able to construct *some*
> > name that *could* have been used to open the file: we need the actual name
> > that was used to make the request.
>
> I'm curious how you can reconstruct the name for this sequence:
>
> mkdir("/tmp/foo");
> cd("/tmp/foo");
> rmdir("/tmp/foo");
> /* run for a while */
> int whatname_for_fd = open("bar");

We (more or less) implemented this program to see what would happen
(attached). Changes from Valdis' code:

* "cd" became "chdir"
* "open" became "creat", because otherwise open just fails because the
  file is non-existent

> namei() will work off '.' which is still around as long as it's the process
> current directory - but '.' isn't attached to a name anymore.
>
> Given that some other process can create a new /tmp/foo in the meantime, I
> think that the right term here is "basically intractable". The file created
> by the open() call *has* no name in the file system.

When run, this program gets an EACCES error if the rmdir is left in place,
and works successfully without the rmdir. Therefore, the above sequence will
never occur: DAC will just reject it.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.  http://wirex.com
Security Hardened Linux Distribution:        http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

[attached program]

#include <stdio.h>
#include <sys/stat.h>   /* mkdir */
#include <fcntl.h>      /* creat */
#include <unistd.h>     /* chdir, rmdir, sleep */

int main(void)
{
    int result;

    result = mkdir("/tmp/foo", 0755);
    printf("mkdir %d\n", result);
    result = chdir("/tmp/foo");
    printf("chdir %d\n", result);
    /* Uncomment the next two lines to run the sequence with the rmdir in place. */
    // result = rmdir("/tmp/foo");
    // printf("rmdir %d\n", result);
    sleep(10);                          /* "run for a while" */
    result = creat("bar", 0644);        /* create relative to the current directory */
    printf("result=%d\n", result);
    return 0;
}

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
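The sequence Valdis describes, as an added example that is not part of the original message or of the attached program: it performs the mkdir/chdir/rmdir/creat steps in a scratch directory (a constructed name under /tmp, not /tmp/foo), restores the caller's working directory afterwards, and records both what the kernel itself reports as the process's cwd through /proc/self/cwd and the result and errno of the creat() call. The struct and function names are the example's own, and /proc/self/cwd is Linux-specific; where it is unavailable the example records that instead of guessing.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* What one run of the mkdir/chdir/[rmdir]/creat sequence produced. */
struct dead_cwd_result {
    int  create_rc;        /* return value of creat("bar", 0600) */
    int  create_errno;     /* errno when creat failed, 0 otherwise */
    int  cwd_is_unlinked;  /* 1 if /proc/self/cwd ends in "(deleted)", 0 if not, -1 if /proc is unavailable */
    char cwd_link[4096];   /* the kernel's own rendering of our cwd */
};

/*
 * Runs the quoted sequence in a scratch directory (constructed name, not /tmp/foo).
 * remove_dir selects whether the rmdir step is performed.  The caller's cwd is
 * restored before returning.  Returns 0 when the setup steps succeeded, -1 otherwise.
 */
int run_dead_cwd_sequence(int remove_dir, struct dead_cwd_result *out)
{
    char dir[64];
    int saved, fd;
    ssize_t n;

    memset(out, 0, sizeof *out);
    snprintf(dir, sizeof dir, "/tmp/lsm-deadcwd-%ld", (long)getpid());

    /* Hold the original cwd open so we can fchdir() back to it. */
    saved = open(".", O_RDONLY);
    if (saved < 0)
        return -1;
    if (mkdir(dir, 0700) != 0 || chdir(dir) != 0) {
        close(saved);
        return -1;
    }
    if (remove_dir)
        rmdir(dir);  /* '.' keeps working, but no path in the namespace leads here any more */

    /* The kernel's view of our cwd: a removed directory is rendered as "... (deleted)". */
    n = readlink("/proc/self/cwd", out->cwd_link, sizeof out->cwd_link - 1);
    if (n < 0) {
        out->cwd_is_unlinked = -1;   /* no /proc: the name cannot be observed from outside */
    } else {
        out->cwd_link[n] = '\0';
        out->cwd_is_unlinked = strstr(out->cwd_link, "(deleted)") != NULL;
    }

    /* The step the message asks about: create a file relative to a nameless cwd. */
    errno = 0;
    fd = creat("bar", 0600);
    out->create_rc = fd;
    out->create_errno = fd < 0 ? errno : 0;

    /* Clean up and go back where we came from. */
    if (fd >= 0) {
        close(fd);
        unlink("bar");
    }
    if (fchdir(saved) != 0)
        perror("fchdir");
    close(saved);
    if (!remove_dir)
        rmdir(dir);
    return 0;
}

int main(void)
{
    struct dead_cwd_result r;
    int with_rmdir;

    for (with_rmdir = 0; with_rmdir <= 1; with_rmdir++) {
        if (run_dead_cwd_sequence(with_rmdir, &r) != 0) {
            perror("setup failed");
            return 1;
        }
        printf("%-15s cwd=%s creat=%d%s%s\n",
               with_rmdir ? "with rmdir:" : "without rmdir:",
               r.cwd_link, r.create_rc,
               r.create_rc < 0 ? " errno=" : "",
               r.create_rc < 0 ? strerror(r.create_errno) : "");
    }
    return 0;
}
```

Running the function once without and once with the rmdir shows the two outcomes the message compares. With the directory removed, /proc/self/cwd reports the old path followed by "(deleted)" and the create fails; this is the case in the quoted text where '.' still works but is attached to no name, so there is no request path for a hook to reconstruct. Without the rmdir, the create succeeds and the file can be removed again by its relative name. The example reports whichever errno the running kernel returns rather than assuming one.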
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 13:39:39 PDT