Re: O_NOLINK for open()

From: Brent Casavant
Date: Wed Sep 12 2007 - 19:49:06 EST


On Wed, 12 Sep 2007, Brent Casavant wrote:

> On Wed, 12 Sep 2007, Al Viro wrote:
>
> > Give me a break. And learn about ptrace(2). This "unlinking" bullshit
> > buys you zero additional security, both for /proc/*/mem and for /dev/mem
> > (see mknod(2)).
>
> My (limited) understanding of ptrace is that a parent-child
> relationship is needed between the tracing process and the traced
> process (at least that's what I gather from the man page). This
> does give cause for concern, and I might have to see what can be
> done to alleviate this concern. I fully realize that making this
> design completely unassilable is a fools errand, but closing off
> as many attack vectors as possible seems prudent.

Hmm. The solution would appear to be as simple as making the
target program set-user-id. As long as as the attacker isn't
the superuser (or has CAP_SYS_PTRACE) we should be OK.

Thanks for the heads-up,
Brent

--
Brent Casavant All music is folk music. I ain't
bcasavan@xxxxxxx never heard a horse sing a song.
Silicon Graphics, Inc. -- Louis Armstrong
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/