Re: [security]: kernel ioctl()'s [3]

David Ford (dford@talontech.com)
Thu, 01 Jul 1999 16:50:43 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Benjamin Redelings I: "[2.3.9] Cool, but socket.o left out..."
Previous message: Alexander Viro: "Re: [security]: kernel ioctl()'s [3]"
Maybe in reply to: Chris Evans: "[security]: kernel ioctl()'s [3]"
Next in thread: Theodore Y. Ts'o: "Re: [security]: kernel ioctl()'s [3]"

Chris Evans wrote:

> Because programs running as root assume
>
> open("blah", O_RDWR)
> write(blah)
>
> will work. They do NOT expect to have to
>
> open("blah", O_RDWR)
> if (-EPERM)
> chflags("blah", immutable off)
> open("blah", O_RDWR)

assumptions are generally bad.

two situations immediately come to mind.

- extended attribute; immutable
- extended attribute; append only
- filesystem mounted RO
- 100% filesystem usage, 0% free

therefore the first example is very very bad.

always check your return values, expect the unexpected and survive. =)

-d

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Benjamin Redelings I: "[2.3.9] Cool, but socket.o left out..."
Previous message: Alexander Viro: "Re: [security]: kernel ioctl()'s [3]"
Maybe in reply to: Chris Evans: "[security]: kernel ioctl()'s [3]"
Next in thread: Theodore Y. Ts'o: "Re: [security]: kernel ioctl()'s [3]"