Re: dynamic /dev security hole?

From: Eric Lammerts
Date: Mon Aug 09 2004 - 11:48:12 EST



I guess I'm missing something here...

On Mon, 9 Aug 2004, Alan Cox wrote:
> User closes device
> I have linked copy (not open)
> Device unloaded

At this point, udev (with the chown/chmod patch) would chown your
linked copy (before unlinking the original device node), right?

> I open the linked copy

So this wouldn't work.

> This makes new device load for me.
>
>
> I'm just trying to point out that the order of operations matters here
> because the old nodes must all be dead before the new device. Its even
> worse for less dynamic numbering.

The only problem I can think of is a race when a new device appears
with the same major/minor before udev gets a chance to do its stuff,
eg.

1) User closes device
2) I have linked copy (not open)
3) Device unloaded
4) New device appears
5) I open the linked copy
6) Udev chowns/chmods old device node (triggered by 3)) --> too late

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/