Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Tue, 29 Aug 1995 20:18:53 -0400


If I left the impression that I was confident this isn't a potential
security hazard, I was foolish.  I worried about it when I installed
the feature, I was worried enough about it to accompany it with
documentation, and I'm still worried about it.  However, in my
opinion the performance payoff is just too great to ignore having
this feature.  I've tried as hard as I know to make it as safe as
possible.

Well, I think I would prefer one file per invoking UID, mode 600 owned
by that user, and when opening it you should be very paranoid.
Something like:

        - lstat() it
        - if it's nonexistent
                - open with O_EXCL|O_CREAT
                - fstat() the fd
                - lstat() it again
                - make sure the two stat structures agree, and that the
                   lstat() didn't indicate a symlink
        - else, it exists, so
                - make sure it's not a symlink, expected owner and mode
                - open without O_EXCL or O_CREAT
                - if the open failed with ENOENT, go back to the top
                   (perhaps put a (small) retry count limit on this?)
                - fstat() the fd
                - make sure it matches the first lstat()

Of course, this should all be done after permanently discarding all
privilege (which should have been done very early in startup, right
after opening /dev/kmem and whatever else is needed).

I think the running-as-root case is important enough, and root needs an
especially trustworthy lsof enough, that even if all other users share
a cache file, root should have its own, and it should be mode 600.

Of course, that's just my opinion.  And I don't have patches to back it
up, so to speak....

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]