Date:      Sun, 14 Apr 2013 02:33:37 +0200
From:      Dirk Engling <erdgeist@erdgeist.org>
To:        Pétur Ingi Egilsson <petur@petur.eu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: File descriptors
Message-ID:  <5169F961.7030407@erdgeist.org>
In-Reply-To: <B4285FA7-E3EF-4639-BFC0-9BEA7881A5CB@petur.eu>
References:  <B4285FA7-E3EF-4639-BFC0-9BEA7881A5CB@petur.eu>

On 13.04.13 20:29, Pétur Ingi Egilsson wrote:

> I noticed that if I execute the following code, then the program is
> able to read the file even if the file's permissions are changed around
> the /mark/ section in such a way that the UID under which the program is
> running should not have any permission to read the file.
> 
> This is not a desirable behaviour.
> How can I prevent this behaviour on my system?

Pétur,

you may have a wrong understanding of what the difference between a file
and its names is. The moment you open a file, the system call checks the
permissions and if you are allowed to read the file, returns another
name for your file, the fd.

If you change permissions on the file name in the file system, your file
descriptor is not affected. The overhead for chasing changes in your
directory structure (and nothing else is changing permissions) on every
read() system call would just not be bearable.

You can even delete the file from the file system and still reference
the content by your descriptor. Only when the last name of your file is
gone (i.e. you fclose your descriptor) is the file actually removed from
the file system.

>    fd = fopen(argv[2], "r");

I am pretty sure this should rather read argv[1].

  erdgeist
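The semantics Dirk describes (the permission check happens once at open(2), and the descriptor survives both a chmod and the removal of the name) in a small C demonstration. This is an added example, not code from either poster; it assumes a writable /tmp and constructs its own temporary file, and it shows the check a defender can make from the descriptor side: fstat(2) on the fd still reports the link count, so a program can notice that its file no longer has a name.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Observations run_fd_demo() can make; combined as a bitmask. */
enum {
    FD_READ_OK       = 1, /* content still readable through the fd */
    FD_REOPEN_EACCES = 2, /* open(path) failed with EACCES (non-root only) */
    FD_PATH_GONE     = 4, /* stat(path) fails with ENOENT after unlink */
    FD_NLINK_ZERO    = 8  /* fstat(fd) reports st_nlink == 0 */
};
/* Constructed scenario: create a temp file, open it, then strip the name's
 * permissions and remove the name while the descriptor is still held.
 * Returns the observation bitmask, or -1 if setup failed. */
int run_fd_demo(void)
{
    char path[] = "/tmp/fd-demo-XXXXXX";   /* assumption: /tmp is writable */
    const char msg[] = "secret\n";
    char buf[32];
    struct stat st;
    int fd, again, flags = 0;
    ssize_t n;
    fd = mkstemp(path);                    /* created with mode 0600 */
    if (fd < 0) return -1;
    if (write(fd, msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) return -1;
    close(fd);

    /* The permission check happens here, once, at open(2). */
    fd = open(path, O_RDONLY);
    if (fd < 0) return -1;

    /* Clear every mode bit on the name: the already-open fd is unaffected. */
    if (chmod(path, 0) != 0) return -1;
    again = open(path, O_RDONLY);
    if (again < 0 && errno == EACCES) flags |= FD_REOPEN_EACCES;
    else if (again >= 0) close(again);     /* root bypasses mode bits */

    /* Remove the last name; the inode lives on while fd is open. */
    if (unlink(path) != 0) return -1;
    if (stat(path, &st) < 0 && errno == ENOENT) flags |= FD_PATH_GONE;
    if (fstat(fd, &st) == 0 && st.st_nlink == 0) flags |= FD_NLINK_ZERO;

    n = read(fd, buf, sizeof buf - 1);
    if (n > 0 && (size_t)n == sizeof msg - 1 && memcmp(buf, msg, n) == 0)
        flags |= FD_READ_OK;
    close(fd);                             /* last reference: data is freed */
    return flags;
}
```

FD_REOPEN_EACCES is only set when the program runs unprivileged; as root the mode bits are bypassed and the re-open succeeds, which is why the other three observations are the ones worth checking.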
