Re: dynamic /dev security hole?

From: Eric Lammerts
Date: Mon Aug 09 2004 - 11:18:43 EST



On Mon, 9 Aug 2004, Alan Cox wrote:
> On Llu, 2004-08-09 at 05:40, Eric Lammerts wrote:
> > Just an idea for a fix for this problem: If udev would change the
> > permissions to 000 and ownership to root.root just before it unlinks
> > the device node, the copy would become useless.
>
> Unfortunately not the whole story. The permissions are checked at open
> time not on read/write/ioctl so once I have the device opened you
> lose.

It's only meant as a fix for the hardlink trick, not against the open
file descriptor trick. About the latter, if someone still has the
device opened, how can it go away? And if it doesn't go away, how can
udev create a new node with the same major/minor?

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/