oss-sec mailing list archives

Re: Vixie/ISC Cron group crontab to root escalation


From: Florian Weimer <fweimer () redhat com>
Date: Tue, 13 Jun 2017 18:35:45 +0200

On 06/13/2017 02:32 PM, Fiedler Roman wrote:
Well, partially: what O_PATH can do, you could also do before O_PATH using 
repeated single-level open(NO_FOLLOW)/fstat-checks. So you had to do all the 
verification by yourself.

That's not completely accurate because open/close on device nodes can
have side effects (the classic example is a rewinding tape device).
O_PATH gives you an opportunity to perform these policy checks before
the side effect happens.

Florian
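
An added illustration of the pattern Florian describes (example code written for this archive page, not from the thread, from Vixie/ISC cron, or from any other project): the path is walked one component at a time with O_PATH|O_NOFOLLOW, each step is checked through fstat() on the O_PATH descriptor, and only after the final component has been verified to be a regular file is a real descriptor obtained by reopening the pinned inode through /proc/self/fd. Because an O_PATH open never calls the device driver's open routine and never blocks on a FIFO, the side effects Florian mentions cannot occur before the policy check. The function names, the Linux-only reliance on /proc, and the temporary files built by the self-test are all assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an absolute path without following any symlink and without triggering
 * a device driver's open() or a blocking FIFO open.  Every component is opened
 * with O_PATH|O_NOFOLLOW and fstat()ed; "." and ".." and symlinks are refused,
 * and the last component must be a regular file.  Only then is the O_PATH fd
 * upgraded to a real descriptor via /proc/self/fd, which reopens the inode the
 * O_PATH fd already pins instead of re-resolving the path string (no TOCTOU).
 * Hypothetical helper for this example; assumes Linux with /proc mounted.
 * On success returns the fd and fills *out (if non-NULL); on failure returns -1
 * with errno set (ELOOP for a symlink, EINVAL for a non-regular final entry). */
int open_regular_nosideeffects(const char *path, int flags, struct stat *out)
{
    if (path == NULL || path[0] != '/') { errno = EINVAL; return -1; }

    int dirfd = open("/", O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) return -1;

    char *copy = strdup(path);
    if (copy == NULL) { close(dirfd); return -1; }

    struct stat st;
    int result = -1;
    char *save = NULL;
    for (char *comp = strtok_r(copy, "/", &save); comp != NULL;
         comp = strtok_r(NULL, "/", &save)) {
        if (strcmp(comp, ".") == 0 || strcmp(comp, "..") == 0) { errno = EINVAL; goto out; }
        /* O_PATH: no driver open(), no FIFO rendezvous; O_NOFOLLOW: a symlink
         * yields a descriptor to the link itself, which fstat() then exposes. */
        int next = openat(dirfd, comp, O_PATH | O_NOFOLLOW | O_CLOEXEC);
        if (next < 0) goto out;
        close(dirfd);
        dirfd = next;
        if (fstat(dirfd, &st) < 0) goto out;
        if (S_ISLNK(st.st_mode)) { errno = ELOOP; goto out; }
    }
    if (fstat(dirfd, &st) < 0) goto out;
    /* Policy check happens here, before any side-effecting open: reject
     * character/block devices, FIFOs, sockets and directories. */
    if (!S_ISREG(st.st_mode)) { errno = EINVAL; goto out; }

    /* Upgrade the verified O_PATH descriptor to a usable one.  O_NOFOLLOW must
     * not be passed here (the /proc entry is a magic symlink); creation flags
     * make no sense for an existing, checked inode and are stripped. */
    flags &= ~(O_NOFOLLOW | O_CREAT | O_EXCL | O_PATH);
    char procpath[64];
    snprintf(procpath, sizeof procpath, "/proc/self/fd/%d", dirfd);
    result = open(procpath, flags | O_CLOEXEC);
    if (result >= 0 && out != NULL) *out = st;
out:
    { int saved = errno; close(dirfd); free(copy); errno = saved; }
    return result;
}

/* Exercises the helper on constructed inputs in a private temp directory: a
 * regular file, a symlink to it and a FIFO (whose plain open() would block).
 * Returns the number of failed checks, so 0 means every check passed. */
int self_test(void)
{
    int failures = 0;
    char dir[] = "/tmp/opath-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return 1;
    char file[128], link[128], fifo[128];
    snprintf(file, sizeof file, "%s/data.txt", dir);
    snprintf(link, sizeof link, "%s/alias", dir);
    snprintf(fifo, sizeof fifo, "%s/pipe", dir);

    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (fd < 0 || write(fd, "hello\n", 6) != 6) failures++;
    if (fd >= 0) close(fd);
    if (symlink(file, link) < 0) failures++;
    if (mkfifo(fifo, 0600) < 0) failures++;

    struct stat st;
    fd = open_regular_nosideeffects(file, O_RDONLY, &st);      /* accepted */
    if (fd < 0 || !S_ISREG(st.st_mode)) failures++;
    else { char buf[8]; if (read(fd, buf, sizeof buf) != 6) failures++; close(fd); }
    if (open_regular_nosideeffects(link, O_RDONLY, NULL) != -1 || errno != ELOOP)
        failures++;                                              /* symlink refused */
    if (open_regular_nosideeffects(fifo, O_RDONLY, NULL) != -1 || errno != EINVAL)
        failures++;                                              /* FIFO refused, no block */

    unlink(fifo); unlink(link); unlink(file); rmdir(dir);
    return failures;
}

int main(void)
{
    int failures = self_test();
    printf("%d check(s) failed\n", failures);
    return failures ? 1 : 0;
}
```

The FIFO case is the cheapest stand-in for Florian's tape example: a plain open(O_RDONLY) on it would block until a writer appears, whereas the O_PATH walk returns immediately and the policy check rejects it before any rendezvous. The same check on /dev/null or a tape device refuses the node before the driver's open routine is ever entered.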

