Re: Linux 2.1.125 doesn't dump core on SIGSEGV

Eastep, Tom (eastep@loc1.tandem.com)
Wed, 21 Oct 1998 07:39:26 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Vojtech Pavlik: "Re: Motherboard design specifically for Linux"
Previous message: Simon Kenyon: "Re: Motherboard design specifically for Linux"
Maybe in reply to: christophe leroy: "Linux 2.1.125 doesn't dump core on SIGSEGV"

Chris Wedgwood wrote:
>
>
> How does this look (still a race, but much harder to exploit):
>
> if(fd = (open("core",O_CREAT | O_EXCL)) == -1)
> goto end_dump;
>
> lstat("core",&fs1);
> fstat(fd,&fs2);
>
> /* compare stat results - don't sump if bad */
>
> Better?

In the last Unix-like file system implementation I worked on, we specifically
prevented open(.., O_CREAT...) from following trailing symlinks (In fact, none
of the system calls that create a file follow trailing links - mknod(), mkdir(),
symlink(), bind() on AF_UNIX socket, etc.). They rather generate an EEXIST error
if there exists a symbolic link with the passed name. With this approach,
exploits of the type this thread has been discussing can't occur.

Tom

-- Tom Eastep COMPAQ Computer Corporation Enterprise Computing Group Tandem Division tom.eastep@compaq.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Vojtech Pavlik: "Re: Motherboard design specifically for Linux"
Previous message: Simon Kenyon: "Re: Motherboard design specifically for Linux"
Maybe in reply to: christophe leroy: "Linux 2.1.125 doesn't dump core on SIGSEGV"