Nicolai Johannes
2007-Jan-10 16:24 UTC
[Security-discuss] AW: AW: AW: [zfs-discuss] Proposal for new basic
Keeping the write privilege and only set it in the effective set from time to time may save you from programming errors and standard exploits, but not from a dedicated exploit that is able to set the privilege as well.

Regards
Johannes Nicolai

-----Original Message-----
From: Jonathan Adams [mailto:jonathan.adams@sun.com]
Sent: Thu 22.06.2006 20:42
To: Nicolai Johannes
Cc: Casper.Dik@sun.com; security-discuss@opensolaris.org; zfs-discuss@opensolaris.org
Subject: Re: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks

On Thu, Jun 22, 2006 at 08:36:05PM +0200, Nicolai Johannes wrote:
> To the question whether we should care about being able to write files at all:
>
> I am not sure whether the following access checks are done by the
> file system layer, but what is with files in /dev/, named pipes and
> Unix Domain Sockets? Also for lockfiles, that may be removed by other
> users, writing file would make sense.

A daemon which needs to open these things could keep the WRITE privilege in its permitted set, and only set it while it needed it.

I'd imagine that for most daemons, you could simply drop WRITE entirely, because you never need to do an open(..., O_WRITE) afterwards.

As with most basic privileges, you need to be careful if you drop it. This is not a surprise.

Cheers,
- jonathan

> -----Original Message-----
> From: casper@holland.sun.com on behalf of Casper.Dik@sun.com
> Sent: Thu 22.06.2006 20:23
> To: Nicolas Williams
> Cc: Jonathan Adams; Nicolai Johannes; security-discuss@opensolaris.org
> Subject: Re: AW: AW: [zfs-discuss] Proposal for new basic privileges related with filesystem access checks
>
> >Thinking about PID re-use, yes, but I'm not trying to design the
> >specific details -- I think a set of items to cache that provides strong
> >security guarantees can be found. The interface would remain
> >unpredictable in other ways, but that seems like a small price to pay
> >considering the use cases.
>
> I think that this "cache design" really points to deficiencies in
> the underlying architecture. If you have to add workarounds for
> certain parts of the behaviour, you generally do better reconsidering
> the initial design. And to question whether we actually care about
> being able to write files at all.
>
> Casper
>
> _______________________________________________
> zfs-discuss mailing list
> zfs-discuss@opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

-- 
Jonathan Adams, Solaris Kernel Development

_______________________________________________
security-discuss mailing list
security-discuss@opensolaris.org
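The permitted-versus-effective argument in the thread above, as an added example that is not part of the thread: a small Python model of the Solaris privilege-set rules (the effective set is always a subset of the permitted set; a privilege removed from the permitted set also leaves the effective set, and the process has no way to put it back). It is a constructed model, not the real interface (on Solaris that is setppriv(2) with PRIV_ON/PRIV_OFF on the effective or permitted set); the class PrivSets, the functions raise_priv, lower_priv, drop_priv, bracketed and code_running_as_process_can_raise, and the privilege names file_write and net_access are all invented for the illustration. It contrasts the two daemons discussed: one that keeps WRITE permitted and brackets it into the effective set only while needed, and one that drops WRITE from the permitted set after setup.

```python
"""Constructed model of the Solaris permitted/effective privilege-set rules.

Not the real API (that is setppriv(2)); just enough of the semantics to
show why bracketing a privilege in the effective set does not protect
against code that already runs with the process's own authority.
"""
from dataclasses import dataclass, field


class PrivError(Exception):
    """Raised when an operation would violate the privilege-set invariants."""


@dataclass
class PrivSets:
    # Invariant: effective <= permitted. The process can only ever add to
    # the effective set what is still in its permitted set.
    permitted: set = field(default_factory=set)
    effective: set = field(default_factory=set)

    def __post_init__(self) -> None:
        if not self.effective <= self.permitted:
            raise PrivError("effective set must be a subset of permitted")

    def raise_priv(self, priv: str) -> None:
        """PRIV_ON into the effective set; only allowed if still permitted."""
        if priv not in self.permitted:
            raise PrivError(f"{priv} is not in the permitted set")
        self.effective.add(priv)

    def lower_priv(self, priv: str) -> None:
        """PRIV_OFF from the effective set; the privilege stays permitted."""
        self.effective.discard(priv)

    def drop_priv(self, priv: str) -> None:
        """PRIV_OFF from the permitted set: it leaves the effective set too,
        and nothing the process does later can bring it back."""
        self.permitted.discard(priv)
        self.effective.discard(priv)


FILE_WRITE = "file_write"  # constructed privilege name for the illustration
NET_ACCESS = "net_access"  # constructed privilege name for the illustration


def bracketed(p: PrivSets, priv: str, action):
    """Privilege bracketing: raise, do the work, lower again even on error."""
    p.raise_priv(priv)
    try:
        return action()
    finally:
        p.lower_priv(priv)


def daemon_keeping_write_permitted() -> PrivSets:
    """The pattern questioned in the thread: WRITE stays permitted and is
    raised into the effective set only for the duration of each write."""
    p = PrivSets(permitted={FILE_WRITE, NET_ACCESS}, effective={NET_ACCESS})
    written = []
    bracketed(p, FILE_WRITE, lambda: written.append("lockfile"))
    assert written == ["lockfile"]  # the bracketed write itself succeeded
    return p


def daemon_dropping_write() -> PrivSets:
    """The alternative suggested in the thread: do the writes needed during
    setup, then remove WRITE from the permitted set for good."""
    p = PrivSets(permitted={FILE_WRITE, NET_ACCESS}, effective={NET_ACCESS})
    bracketed(p, FILE_WRITE, lambda: None)  # early setup that needs the write
    p.drop_priv(FILE_WRITE)
    return p


def code_running_as_process_can_raise(p: PrivSets, priv: str) -> bool:
    """Any code executing inside the process, including code that got there
    through a bug, can issue the same raise operation the daemon uses.
    Returns whether that would succeed against a copy of the current sets."""
    probe = PrivSets(permitted=set(p.permitted), effective=set(p.effective))
    try:
        probe.raise_priv(priv)
        return True
    except PrivError:
        return False


if __name__ == "__main__":
    kept = daemon_keeping_write_permitted()
    dropped = daemon_dropping_write()
    print("bracketed daemon: write effective now?", FILE_WRITE in kept.effective,
          "| in-process code can re-raise it?",
          code_running_as_process_can_raise(kept, FILE_WRITE))
    print("dropping daemon:  in-process code can re-raise it?",
          code_running_as_process_can_raise(dropped, FILE_WRITE))
```

Run stand-alone it prints that the bracketing daemon has WRITE out of its effective set yet any code in the process can raise it again, while the dropping daemon cannot; that is the distinction between protection against ordinary programming errors and protection against code that already executes with the process's authority.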