Re: open("foo", 3)

From: Steven Rostedt
Date: Sat Aug 20 2005 - 13:01:35 EST


On Sat, 2005-08-20 at 10:30 -0700, Linus Torvalds wrote:
>
> On Sat, 20 Aug 2005, Miklos Szeredi wrote:
> >
> > My question is: is this deliberate or accidental? Wouldn't it be more
> > logical to not require any permission to open such file? Or is there
> > some security concern with that?
>
> It's deliberate but historical. It's been a long time since I worked on
> it, but it was meant for "special opens".
>
> I _think_ it was used for things like "open block device without media
> check" etc (we use O_NONBLOCK for that now), and it was used for directory
> opens before we had O_DIRECTORY. (It's literally been years, so my
> recollection may be bogus).
>
> I don't think anything uses it any more, and it should probably be
> deprecated rather than extended upon.

It may also be dangerous, since I see several drivers using

if ((filp->f_flags & O_ACCMODE) != RD_ONLY) {
/* do something assuming we have write access */
...
}


Perhaps that access mode may not allow for getting to code like this,
but, since it's so old, you may have those that forget about the 3 mode,
and we lose the protection somewhere along the line.

It probably be better to not allow for it. Or maybe an audit of such
code needs to be replaced with:

if (filp->f_mode & FMODE_WRITE) {
...
}

Just my $0.02

-- Steve



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/