Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 5 Oct 2001 13:44:50 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 5 Oct 2001 13:44:40 -0400 Received: from neon-gw-l3.transmeta.com ([63.209.4.196]:62225 "EHLO neon-gw.transmeta.com") by vger.kernel.org with ESMTP id ; Fri, 5 Oct 2001 13:44:27 -0400 Date: Fri, 5 Oct 2001 10:44:21 -0700 (PDT) From: Linus Torvalds To: Horst von Brand cc: "Eric W. Biederman" , Alan Cox , Alexander Viro , Subject: Re: Security question: "Text file busy" overwriting executables but In-Reply-To: <200110051735.f95HZ4ou003296@pincoya.inf.utfsm.cl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 5 Oct 2001, Horst von Brand wrote: > Linus Torvalds said: > > On 5 Oct 2001, Eric W. Biederman wrote: > > [...] > > > > Currently checking to see if the file is executable looks good > > > enough. > > > > [ executable by the user in question, not just anybody ] > > > > Yes, I suspect it is. > > Who is "user in question"? It is quite legal (if strange) to have a file > user A can modify, but not execute, while B can execute it. The "user in question" being the one that actually does the mmap(MAP_DENYWRITE). If _he_ can execute the file, that would be reason enough to think that he can deny others from writing to it while he has it mapped.. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/