Re: [security]: kernel ioctl()'s [3]

Jamie Lokier (lkd@tantalophile.demon.co.uk)
Mon, 5 Jul 1999 15:54:53 +0200


Bryn Paul Arnold Jones wrote:
> > Theodore Y. Ts'o wrote:
> > > (Yes, I realize there are a few differences, such as it
> > > prevents unlinking the file, and you can't do that without changing the
> > > permissions on the containing directory, which you might not own.)
> >
> > Security alert... if I hard link to some elses file and they set the
> > user-immutable bit (and deleted their last link) I can't clean out my
> > own directory?
> >
>
> Can't be done, the file is immutable so they can't unlink it until they
> remove the user-immutable bit. To end up with the file immutable again
> they have to set the immutable bit in your directory.

Suppose I link to it, they delete their link, and set user-immutable
using _my_ (last remaining) link?

Suppose I link to it, they open it, delete their link, and then set
the user-immutable bit using the file handle?

-- Jamie

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/