Re: [security]: kernel ioctl()'s [3]

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Peter Svensson: "Re: fsck is dead (was: Some very thought-provoking ...)"
• Previous message: Frank Butter: "Re: best choice today?"
• Maybe in reply to: Chris Evans: "[security]: kernel ioctl()'s [3]"
• Next in thread: David Ford: "Re: [security]: kernel ioctl()'s [3]"

>> Because programs running as root assume

>> open("blah", O_RDWR)
>> write(blah)

>> will work. They do NOT expect to have to

>> open("blah", O_RDWR)
>> if (-EPERM)
>> chflags("blah", immutable off)
>> open("blah", O_RDWR)

> assumptions are generally bad.

Failure to check for errors is often BAD.

> two situations immediately come to mind.

> - extended attribute; immutable
> - extended attribute; append only
> - filesystem mounted RO
> - 100% filesystem usage, 0% free

--- that's four;

Let's also add

- System is BSD 4.4 and user immutable or user append-only
UFS flag is set.

> therefore the first example is very very bad.
> always check your return values, expect the unexpected and survive. =)

> -d

--
Jim Dennis                                             jdennis@linuxcare.com
Linuxcare: Linux Corporate Support Team:            http://www.linuxcare.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Peter Svensson: "Re: fsck is dead (was: Some very thought-provoking ...)"
• Previous message: Frank Butter: "Re: best choice today?"
• Maybe in reply to: Chris Evans: "[security]: kernel ioctl()'s [3]"
• Next in thread: David Ford: "Re: [security]: kernel ioctl()'s [3]"