Date:      Sun, 14 Apr 2013 10:48:28 +0200
From:      Pétur Ingi Egilsson <petur@petur.eu>
To:        Dirk Engling <erdgeist@erdgeist.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: File descriptors
Message-ID:  <000A44DA-4A24-48C8-A4B2-EE9473A03C38@petur.eu>
In-Reply-To: <5169F961.7030407@erdgeist.org>
References:  <B4285FA7-E3EF-4639-BFC0-9BEA7881A5CB@petur.eu> <5169F961.7030407@erdgeist.org>

The general understanding by users, be it right or wrong, is that
whenever a file's permission is changed, then the effect is immediate
everywhere in the system.
This wrong mental model _could_ result in malicious access to a file.

I merely wanted to bring the issue to your attention.

- pétur

On 14/04/2013, at 02:33, Dirk Engling <erdgeist@erdgeist.org> wrote:

> On 13.04.13 20:29, Pétur Ingi Egilsson wrote:
>
>> I noticed that if I execute the following code, then the program is
>> able to read the file even if the file's permissions are changed around
>> the /mark/ section in such a way that the UID under which the program is
>> running should not have any permission to read the file.
>>
>> This is not a desirable behaviour.
>> How can I prevent this behaviour on my system?
>
> Pétur,
>
> you may have a wrong understanding of what the difference between a file
> and its names is. The moment you open a file, the system call checks the
> permissions and if you are allowed to read the file, returns another
> name for your file, the fd.
I am aware of the difference.
>
> If you change permissions on the file name in the file system, your file
> descriptor is not affected. The overhead for chasing changes in your
> directory structure (and nothing else is changing permissions) on every
> read() system call would just not be bearable.
Understood.
>
> You can even delete the file from the file system and still reference
> the content by your descriptor. Only when the last name of your file is
> gone (i.e. you fclose your descriptor) the file is actually removed from
> the file system
>
>>   fd = fopen(argv[2], "r");
>
> I am pretty sure, this should rather read argv[1]
Indeed.
>
>  erdgeist
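
The behaviour discussed in this thread, as an added C example that is not part of either poster's message: a descriptor opened before `chmod 000` and `unlink()` keeps reading, a fresh `open()` by name is re-checked, and `fstat()` on the old descriptor reports the inode's current mode. The temp file path, the `fd_demo` struct and `run_fd_demo()` are names constructed for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_demo {
    int read_after_chmod;  /* bytes read via the old fd after chmod 000 */
    int reopen_ok;         /* 1 if a fresh open() by name still succeeds */
    int mode_seen;         /* permission bits fstat() reports on the old fd */
    int read_after_unlink; /* bytes read via the old fd after unlink() */
    int links_seen;        /* st_nlink reported by fstat() after unlink() */
};

/* Runs the scenario on a constructed temp file; returns 0, or -1 on setup failure. */
int run_fd_demo(struct fd_demo *out)
{
    char path[] = "/tmp/fd_demo_XXXXXX", buf[16];
    struct stat st;
    int fd, fd2, wfd = mkstemp(path);          /* created with mode 0600 */

    if (wfd < 0) return -1;
    if (write(wfd, "secret\n", 7) != 7) { close(wfd); unlink(path); return -1; }
    close(wfd);
    fd = open(path, O_RDONLY);                 /* access is checked here, once */
    if (fd < 0 || chmod(path, 0) != 0) { if (fd >= 0) close(fd); unlink(path); return -1; }

    out->read_after_chmod = (int)pread(fd, buf, sizeof buf, 0);
    fd2 = open(path, O_RDONLY);                /* a new open is re-checked (EACCES unless root) */
    out->reopen_ok = fd2 >= 0;
    if (fd2 >= 0) close(fd2);
    if (fstat(fd, &st) != 0) { close(fd); unlink(path); return -1; }
    out->mode_seen = (int)(st.st_mode & 0777); /* fstat sees the inode's current mode */

    unlink(path);                              /* remove the last name */
    out->read_after_unlink = (int)pread(fd, buf, sizeof buf, 0);
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    out->links_seen = (int)st.st_nlink;
    close(fd);                                 /* storage is released only now */
    return 0;
}

int main(void)
{
    struct fd_demo r;
    if (run_fd_demo(&r) != 0) { perror("run_fd_demo"); return 1; }
    printf("after chmod 000: read %d, reopen %d, mode %03o; after unlink: read %d, links %d\n",
           r.read_after_chmod, r.reopen_ok, (unsigned)r.mode_seen, r.read_after_unlink, r.links_seen);
    return 0;
}
```

A program that needs a permission change to take effect on data it already has open has to re-check itself, for example with `fstat()` on the descriptor, or close and reopen the file by name.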



