Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264652AbUDVUHy (ORCPT ); Thu, 22 Apr 2004 16:07:54 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264661AbUDVUHy (ORCPT ); Thu, 22 Apr 2004 16:07:54 -0400 Received: from fw.osdl.org ([65.172.181.6]:15232 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S264652AbUDVUFy (ORCPT ); Thu, 22 Apr 2004 16:05:54 -0400 Date: Thu, 22 Apr 2004 13:05:51 -0700 (PDT) From: Linus Torvalds To: Peter =?ISO-8859-1?Q?W=E4chtler?= cc: Andrew Morton , linux-kernel@vger.kernel.org Subject: Re: [PATCH] coredump - as root not only if euid switched In-Reply-To: <1082663036.2592.1.camel@picklock.adams.family> Message-ID: References: <2899705.1082626850875.JavaMail.pwaechtler@mac.com> <20040422025638.0bf86599.akpm@osdl.org> <1082663036.2592.1.camel@picklock.adams.family> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1406 Lines: 43 On Thu, 22 Apr 2004, Peter W?chtler wrote: > > > hm, OK. There's a window in which someone can come in and recreate the > > file, but the open is using O_EXCL|O_CREATE so that seems safe enough. > > So here is the updated patch with an open coded call to sys_unlink Aughr. Wouldn't it be much nicer to just refuse to overwrite files owned by anybody else? In other words, I'd much rather see a patch that is a much simpler one, which just says: if we opened an existing file, we won't touch it if we weren't the owners of it. That should be safe for root _and_ it should be safe for people who already had a file descriptor open previously (hey, if the previous root-owned core-file was world readable, then what else is new?) Tell me why this isn't simpler? Linus --- --- 1.111/fs/exec.c Wed Apr 21 02:11:57 2004 +++ edited/fs/exec.c Thu Apr 22 13:03:27 2004 @@ -1378,6 +1378,8 @@ inode = file->f_dentry->d_inode; if (inode->i_nlink > 1) goto close_fail; /* multiple links - don't dump */ + if (inode->i_uid != current->euid || inode->i_gid != current->egid) + goto close_fail; if (d_unhashed(file->f_dentry)) goto close_fail; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/