oss-sec mailing list archives
Re: Vixie/ISC Cron group crontab to root escalation
From: Fiedler Roman <Roman.Fiedler () ait ac at>
Date: Tue, 13 Jun 2017 16:42:06 +0000

> From: Florian Weimer [mailto:fweimer () redhat com]
>
> On 06/13/2017 02:32 PM, Fiedler Roman wrote:
> > Well, partially: what O_PATH can do, you could also do before O_PATH using
> > repeated single-level open(NO_FOLLOW)/fstat-checks. So you had to do all the
> > verification by yourself.
>
> That's not completely accurate because open/close on device nodes can
> have side effects (the classic example is a rewinding tape device).
> O_PATH gives you an opportunity to perform these policy checks before
> the side effect happens.

So true, I know about this case. But my initial message was not intended to compare subtle differences of O_PATH with other OS file access functionality already available but - prove me wrong - to argue for extending open functionality in general using features O_PATH to my knowledge cannot provide. But all that content was removed in the first reply to the message.

Regards,
Roman
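
The check-before-side-effect pattern from the quoted reply, as an added example that is not part of the original message or of any cron implementation: the file is opened with O_PATH, the policy is checked with fstat on that handle, and only then is the same inode re-opened for reading. The names `open_checked` and `demo` are hypothetical; the code assumes Linux with /proc mounted and checks only the final path component, not each parent directory.

```c
#define _GNU_SOURCE           /* O_PATH is Linux-specific */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: return a read-only fd for `path` only if it is a
 * regular file owned by `owner`; otherwise return -1. */
int open_checked(const char *path, uid_t owner)
{
    struct stat st;
    char proc[64];
    /* O_PATH yields a handle without calling the driver's open(); with
     * O_NOFOLLOW a trailing symlink is returned as itself, not followed. */
    int pfd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (pfd < 0)
        return -1;
    /* Policy check on the handle, before any side effect can happen. */
    if (fstat(pfd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(pfd);
        errno = EPERM;
        return -1;
    }
    /* Re-open the very same inode for reading through /proc (assumes
     * /proc is mounted); the original path is not resolved a second time. */
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", pfd);
    int fd = open(proc, O_RDONLY | O_CLOEXEC);
    close(pfd);
    return fd;
}

/* Constructed self-check: returns 0 if a regular file is accepted while a
 * device node and a symlink are rejected. */
int demo(void)
{
    char file[] = "/tmp/opath-demo-XXXXXX", sym[64];
    int tmp = mkstemp(file), bad = 0, fd;
    if (tmp < 0) return -1;
    close(tmp);
    snprintf(sym, sizeof sym, "%s.lnk", file);
    if (symlink(file, sym) < 0) bad |= 8;
    if ((fd = open_checked(file, geteuid())) < 0) bad |= 1; else close(fd);
    if (open_checked("/dev/null", geteuid()) >= 0) bad |= 2;  /* device */
    if (open_checked(sym, geteuid()) >= 0) bad |= 4;          /* symlink */
    unlink(sym); unlink(file);
    return bad;
}

int main(void) { return demo(); }
```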