> I am *very* wary of this idea. A year or two ago there was a big hole
> in the BSD's because you could do:
> i = open("foo", 0)
> without any access to "foo" and get a filedescriptor without read or
> write access. The problem is that many devices will implicitly allow
> any ioctl() done to them (on the theory that you must have had permission
> to open the device). You're potentially opening the same sorts of
> bugs in linux.
Let's be really malicious. Since open files don't go away
when their unlinked, I can prevent someone from getting access
to their disk quotas by opening their files before they unlink them,
thus preventing the blocks from being freed. No matter that they
tried to prevent me from doing this by setting permission bits.
No, a file with mode 000 (---------- for you young'uns) ought not
be openable by unprivileged users, period.
--Casey Schaufler voice: (650) 933-1634 casey@sgi.com fax: (650) 933-0170
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/