Date: Sun, 14 Apr 2013 13:19:04 +0100 From: Tom Evans <tevans.uk@googlemail.com> To: =?UTF-8?Q?P=C3=A9tur_Ingi_Egilsson?= <petur@petur.eu> Cc: freebsd-security@freebsd.org Subject: Re: File descriptors Message-ID: <CAFHbX1JKPX5X=j9qXFq6ZG7AZSw%2Bc0cWQGOsqczfg2cpgjR2tQ@mail.gmail.com> In-Reply-To: <000A44DA-4A24-48C8-A4B2-EE9473A03C38@petur.eu> References: <B4285FA7-E3EF-4639-BFC0-9BEA7881A5CB@petur.eu> <5169F961.7030407@erdgeist.org> <000A44DA-4A24-48C8-A4B2-EE9473A03C38@petur.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 14, 2013 at 9:48 AM, P=C3=A9tur Ingi Egilsson <petur@petur.eu> = wrote: > The general understanding by users, be it right or wrong, is that wheneve= r a files' permission is changed, then the effect is immediate everywhere i= n the system. > This wrong metal model _could_ result in malicious access to a file. > > I merely wanted to bring the issue to your attention. > > - p=C3=A9tur > As des said earlier, this model is essential for doing things in a secure manner. An analogy would be sockets, if you drop privileges after binding to a privileged socket, should you lose access to the socket? Of course not. The only thing that is relevant is whether you had permission to open the file/bind the socket at the point you did it. After that, the fd/socket is all yours, regardless. Cheers Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFHbX1JKPX5X=j9qXFq6ZG7AZSw%2Bc0cWQGOsqczfg2cpgjR2tQ>