Re: [RFC] [PATCH] Replace security fields with hashtable

From: Colin Walters (walters@private)
Date: Wed Oct 27 2004 - 14:13:53 PDT


On Wed, 2004-10-27 at 17:04 -0400, Valdis.Kletnieks@private wrote:
> On Wed, 27 Oct 2004 16:37:40 EDT, Colin Walters said:
> 
> > > Not "any uid 0 process" - "any process able to change ownerships/permissions/
> > > contexts" :)  Also, the threat model isn't "uid 0 subverts the control", it's
> > > "Joe User tricks a uid 0 process into running a /tmp-race exploit"...
> > 
> > With SELinux the domain would also need privileges to read temporary
> > files created by the attacker.
> 
> No - that's a different attack than I'm worried about.  I'm looking at
> the case of being redirected to stomp on my *own* files that I have the
> privs to.  You run gcc, gcc creates a tempfile in /tmp, that accidentally
> follows a symlink, and your ~/.foo file gets clobbered (yes, they fixed *that*
> bug in gcc a while ago).

Who created the symlink in this attack?
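
The clobbering case quoted above (a temp file opened by a predictable name that follows a symlink to the user's own file), shown as an added example that is not part of the original message. It runs entirely inside a private scratch directory; the file names `dot_foo` and `cc_tmp.s` and all function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the thread: open a predictable name, following any symlink there. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything (a symlink included) already
 * occupies the name; O_NOFOLLOW is defence in depth on the final component. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Builds a scratch dir holding a "precious" file and a symlink to it under the
 * temp-file name, opens the temp name, and reports the result:
 * 1 = target was truncated, 0 = target intact, -1 = setup error. */
int victim_clobbered(int use_safe) {
    char dir[] = "/tmp/symdemo.XXXXXX";
    char victim[256], tmpname[256];
    struct stat st;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/dot_foo", dir);    /* stands in for ~/.foo */
    snprintf(tmpname, sizeof tmpname, "%s/cc_tmp.s", dir); /* predictable temp name */

    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "precious\n", 9) != 9) return -1;
    close(fd);
    if (symlink(victim, tmpname) != 0) return -1;          /* pre-planted link */

    fd = use_safe ? open_tmp_safe(tmpname) : open_tmp_unsafe(tmpname);
    if (fd >= 0) close(fd);

    int clobbered = (stat(victim, &st) == 0 && st.st_size == 0);
    unlink(tmpname); unlink(victim); rmdir(dir);
    return clobbered;
}

int main(void) {
    printf("O_TRUNC open: target clobbered = %d\n", victim_clobbered(0));
    printf("O_EXCL open:  target clobbered = %d\n", victim_clobbered(1));
    return 0;
}
```

In practice `mkstemp(3)` gives the same exclusive-create guarantee together with an unpredictable name.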




