Followup to: <b6qo2a$ecl$1@cesium.transmeta.com>
By author: "H. Peter Anvin" <hpa@zytor.com>
In newsgroup: linux.dev.kernel
>
> This, I believe, is the real issue. However, we already have that
> problem:
>
[Sample code]
Here is a better piece of sample code that actually shows a
permissions violation happening:
[...]
mkdir("testdir", 0700) = 0
open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
write(3, "Ansiktsburk\n", 12) = 12
close(3) = 0
open("testdir/testfile", O_RDONLY) = 3
chmod("testdir", 0) = 0
open("/proc/self/fd/3", O_RDWR) = 4
write(4, "Tjo fidelittan hatt!\n", 21) = 21
exit_group(0) = ?
----snip----
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <limits.h>
int main(int argc, char *argv[])
{
int sfd, rfd, wfd;
char filebuf[PATH_MAX];
mkdir("testdir", 0700);
/* Create the file legitimately */
sfd = open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666);
write(sfd, "Ansiktsburk\n", 12);
close(sfd);
/* Open read-only file descriptor */
rfd = open("testdir/testfile", O_RDONLY);
/* Make directory inaccessible */
chmod("testdir", 0);
/* Open read-write file descriptor */
sprintf(filebuf, "/proc/self/fd/%d", rfd);
wfd = open(filebuf, O_RDWR);
/* Clobber file */
write(wfd, "Tjo fidelittan hatt!\n", 21);
return 0;
}
-- <hpa@transmeta.com> at work, <hpa@zytor.com> in private! "Unix gives you enough rope to shoot yourself in the foot." Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 07 2003 - 22:00:30 EST