Date:      Sun, 28 Mar 2004 01:41:23 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Jilles Tjoelker <jilles+fbsd-arch@stack.nl>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: fchroot(2) and others.
Message-ID:  <20040328004123.GV8930@darkness.comp.waw.pl>
In-Reply-To: <20040328000413.GA6185@stack.nl>
References:  <20040327203620.GR8930@darkness.comp.waw.pl> <20040328000413.GA6185@stack.nl>


On Sun, Mar 28, 2004 at 01:04:13AM +0100, Jilles Tjoelker wrote:
+> > 	http://people.freebsd.org/~pjd/patches/secure_syscalls.patch
+>
+> > I've also implemented safe versions of other syscalls:
+>
+> > int flink(int fd, const char *link);
+>
+> This means that you can access a file forever when you get a descriptor
+> on it once, which may not be desired. In any case, this gives more
+> rights than normal. You could mitigate this by requiring the caller to
+> own the file, or by following the same approach (fd+name) as in
+> funlink() and frename().

Actually, if you are worrying about this, you should use the sysctl:

	security.bsd.hardlink_check_[ug]id

+> > Maybe funlink(2) and frename(2) look weird, but it should work.
+> > The idea is that one cannot pass only a descriptor number to those
+> > functions, because they're operating on file system object names
+> > and there is no clean way to get a path name from a descriptor.
+>
+> It's actually impossible to get the path name, there may be zero names,
+> or more than one.

You can try to get path name from the VFS name cache (vn_fullpath(9)),
but that's why I called it non-clean-way.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
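
Added example, not part of the original message or of the patch it discusses: a small POSIX C program showing the point made in the thread that an open descriptor may have zero, one or several names, so no single path can be derived from it. The helper names `name_matches_fd` and `nlink_with_names` and the temporary path are made up for this illustration; the userland device/inode comparison only approximates the fd+name idea, and the page does not show how the patch implements it.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if `path` currently names the object open on `fd`, 0 if not, -1 on error.
 * Userland approximation of an fd+name check: the name can be changed right
 * after the comparison, so this is racy by construction. */
int name_matches_fd(int fd, const char *path)
{
    struct stat a, b;
    if (fstat(fd, &a) == -1 || lstat(path, &b) == -1)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Create a temp file, leave it with `names` (0, 1 or 2) directory entries and
 * return st_nlink as seen through the still-open descriptor (-1 on error). */
int nlink_with_names(int names)
{
    char p1[] = "/tmp/fdnames.XXXXXX";      /* constructed sample path */
    char p2[sizeof p1 + 2];
    struct stat st;
    int result = -1;
    int fd = mkstemp(p1);

    if (fd == -1)
        return -1;
    snprintf(p2, sizeof p2, "%s.b", p1);
    if (names == 2 && (link(p1, p2) == -1 || name_matches_fd(fd, p2) != 1))
        goto out;                           /* second name must match the fd */
    if (names == 0 && (unlink(p1) == -1 || name_matches_fd(fd, p1) != -1))
        goto out;                           /* the old name must be gone */
    if (write(fd, "x", 1) == 1 && fstat(fd, &st) == 0)
        result = (int)st.st_nlink;          /* fd stays usable with no name */
out:
    close(fd);
    unlink(p1);
    unlink(p2);
    return result;
}

int main(void)
{
    for (int n = 0; n <= 2; n++)
        printf("names=%d st_nlink=%d\n", n, nlink_with_names(n));
    return 0;
}
```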
