Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Alan Cox
Date: Wed Nov 22 2017 - 11:52:08 EST

Next message: Marc Zyngier: "Re: [PATCH 18/18] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0"
Previous message: Sinan Kaya: "Re: [PATCH 29/30] i7300_idle: deprecate pci_get_bus_and_slot()"
In reply to: Matthew Wilcox: "Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories"
Next in thread: Tobin C. Harding: "Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 22 Nov 2017 09:01:46 +0100
Salvatore Mesoraca <s.mesoraca16@xxxxxxxxx> wrote:

> Disallows O_CREAT open missing the O_EXCL flag, in world or
> group writable directories, even if the file doesn't exist yet.
> With few exceptions (e.g. shared lock files based on flock())

Enough exceptions to make it a bad idea.

Firstly if you care this much *stop* having shared writable directories.
We have namespaces, you don't need them. You can give every user their
own /tmp etc.

The rest of this only make sense on a per application and directory basis
because there are valid use cases, and that means it wants to be part of
an existing LSM security module where you've got the context required and
you can attach it to a specific directory and/or process.

Alan

Next message: Marc Zyngier: "Re: [PATCH 18/18] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0"
Previous message: Sinan Kaya: "Re: [PATCH 29/30] i7300_idle: deprecate pci_get_bus_and_slot()"
In reply to: Matthew Wilcox: "Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories"
Next in thread: Tobin C. Harding: "Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]