Re: Why Sysrq+k does not offer a trusted path

From: viro
Date: Mon Sep 29 2003 - 02:26:10 EST

Next message: M.S. Lucas: "2.6.0-test6: Make menuconfig error"
Previous message: Bernd Eckenfels: "Re: Why Sysrq+k does not offer a trusted path"
In reply to: Bernd Eckenfels: "Re: Why Sysrq+k does not offer a trusted path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 29, 2003 at 08:53:59AM +0200, Oliver Tennert wrote:
> Thus it is a more secure way to offer a real SAK.
>
> Or am I missing a very important point?

Scanning through the file descriptor tables of processes does not catch
every opened file out there. For trivial example consider attaching an
open file to SCM_RIGHTS datagram and sending it to yourself. Then close
the original descriptor. Later you will be able to receive the datagram
and get your opened file back.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: M.S. Lucas: "2.6.0-test6: Make menuconfig error"
Previous message: Bernd Eckenfels: "Re: Why Sysrq+k does not offer a trusted path"
In reply to: Bernd Eckenfels: "Re: Why Sysrq+k does not offer a trusted path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]