Date: Sun, 28 Mar 2004 01:41:23 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Jilles Tjoelker <jilles+fbsd-arch@stack.nl>
Cc: freebsd-arch@freebsd.org
Subject: Re: fchroot(2) and others.
Message-ID: <20040328004123.GV8930@darkness.comp.waw.pl>
In-Reply-To: <20040328000413.GA6185@stack.nl>
References: <20040327203620.GR8930@darkness.comp.waw.pl> <20040328000413.GA6185@stack.nl>

On Sun, Mar 28, 2004 at 01:04:13AM +0100, Jilles Tjoelker wrote:
+> > http://people.freebsd.org/~pjd/patches/secure_syscalls.patch
+>
+> > I've also implemented safe versions of other syscalls:
+>
+> > int flink(int fd, const char *link);
+>
+> This means that you can access a file forever when you get a descriptor
+> on it once, which may not be desired. In any case, this gives more
+> rights than normal. You could mitigate this by requiring the caller to
+> own the file, or by following the same approach (fd+name) as in
+> funlink() and frename().

Actually, if you are worrying about this, you should use the sysctl:

security.bsd.hardlink_check_[ug]id

+> > Maybe funlink(2) and frename(2) look weird, but it should work.
+> > The idea is, that one cannot pass descriptor number only to those
+> > functions, because they're operating on file systems object names
+> > and there is no clean way to get path name from descriptor.
+>
+> It's actually impossible to get the path name, there may be zero names,
+> or more than one.

You can try to get the path name from the VFS name cache (vn_fullpath(9)),
but that's why I called it a non-clean way.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
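
The point discussed above, that one descriptor can correspond to several names or to none, shown as an added example (not part of the original message or of the patch): it reads the link count with fstat(2) on a single open descriptor while names are added and removed. The scratch paths and the function names `names_of` and `link_count_walk` are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Link count (number of directory entries) of the file behind fd, -1 on error. */
static long names_of(int fd)
{
    struct stat sb;
    return fstat(fd, &sb) == 0 ? (long)sb.st_nlink : -1;
}

/* Added illustration: link count with one name, two names and no names.
 * Paths are constructed scratch names under mkdtemp(); 0 on success, -1 on error. */
int link_count_walk(long counts[3])
{
    char dir[] = "/tmp/fdnames.XXXXXX", a[64], b[64];
    int fd, rc = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(a, sizeof(a), "%s/a", dir);
    snprintf(b, sizeof(b), "%s/b", dir);
    if ((fd = open(a, O_CREAT | O_EXCL | O_RDWR, 0600)) < 0)
        goto out;
    counts[0] = names_of(fd);               /* one name: a */
    if (link(a, b) != 0)
        goto out;
    counts[1] = names_of(fd);               /* two names: a and b */
    if (unlink(a) != 0 || unlink(b) != 0)
        goto out;
    counts[2] = names_of(fd);               /* no name, descriptor still open */
    rc = write(fd, "x", 1) == 1 ? 0 : -1;   /* and still writable */
out:
    if (fd >= 0)
        close(fd);
    unlink(a); unlink(b); rmdir(dir);       /* best-effort cleanup */
    return rc;
}

int main(void)
{
    long c[3];
    if (link_count_walk(c) != 0)
        return 1;
    printf("names: %ld, then %ld, then %ld\n", c[0], c[1], c[2]);
    return 0;
}
```

With two names present, nothing in the descriptor says which one the caller means, and with none present there is no path to return at all.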