Re: Port of secure fd handling to LSM

From: David Wagner (dawat_private)
Date: Mon Aug 06 2001 - 18:44:03 PDT

  • Next message: Stephen Smalley: "Re: Problems with some of the current hooks"

    Greg KH  wrote:
    >Um, maybe I'm just too tired to realize it right now, but what security
    >does this offer?
    
    This provides a defense against the 'stderr' attacks on setuid attacks
    described a year or two back in the usual places.  In particular, consider
    a /bin/passwd program that does something like the following:
       fd = open("/etc/passwd", O_RDWR);
       if (fd < 0) {
         perror("open"); exit(1);
       }
    Guess what?  If you run this program with stderr closed, it hoses your
    password file.  The potential for mischief should be obvious.
    
    Of course, I didn't understand why this patch demonstrated a need for
    passing fds to the read() hook, either, so I'm in the dark with you on
    that one.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 19:53:28 PDT