Date: Fri, 9 Jun 2017 13:41:17 -0400
From: christos@...las.com (Christos Zoulas)
To: oss-security@...ts.openwall.com
Subject: Re: Vixie/ISC Cron group crontab to root escalation

On Jun 9, 6:27pm, solar@...nwall.com (Solar Designer) wrote:
-- Subject: Re: [oss-security] Vixie/ISC Cron group crontab to root escalatio

| Oh, I did in fact mention this in the private discussion, so I'll quote:
|
| | Another detail: somehow in Owl we introduced lstat() prior to open, and
| | check lstat()'s struct for all the required properties before proceeding
| | with open() with O_NOFOLLOW. Then we check that st_dev/st_ino stayed
| | the same. We also kept the post-open() checks. I don't recall exactly
| | why we added this, but maybe because of the possibility of side-effects
| | on open() for hard links to device files (like with tape drives). And
| | it looks like we neglected to add the same for at jobs (perhaps didn't
| | revisit this when support for at jobs appeared via our update to later
| | OpenBSD code) - maybe we should.

Thanks, perhaps a comment in the code can't hurt... Or even O_NODEV which does not exist, or O_PATH (Linux only)..

christos
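The lstat()-then-open(O_NOFOLLOW)-then-fstat() sequence Solar Designer describes, as an added example that is not Owl's or cron's own code. The set of "required properties" checked here (regular file, single link, not group/world writable) is this example's assumption; cron's actual policy lives in its own sources.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Properties required of the file (example policy, not cron's exact rules). */
static int acceptable(const struct stat *st)
{
    return S_ISREG(st->st_mode)                    /* no symlink, device, FIFO */
        && st->st_nlink == 1                       /* no hard-link alias */
        && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0; /* not group/world writable */
}

/* Open path only if it passes the checks both before and after open().
 * Returns a read-only fd, or -1 (errno EPERM for a policy/race failure). */
int open_checked(const char *path)
{
    struct stat before, after;
    if (lstat(path, &before) == -1)
        return -1;
    if (!acceptable(&before)) { errno = EPERM; return -1; }
    /* O_NOFOLLOW refuses a symlink swapped in at the last component;
     * O_NONBLOCK|O_NOCTTY limit open() side effects on a raced-in FIFO/tty. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd == -1)
        return -1;
    /* Object must be the very same inode lstat() saw, and still acceptable. */
    if (fstat(fd, &after) == -1 || after.st_dev != before.st_dev
        || after.st_ino != before.st_ino || !acceptable(&after)) {
        close(fd); errno = EPERM; return -1;
    }
    return fd;
}

/* Self-check on constructed files: a plain 0600 file opens, a symlink to it
 * is refused. Returns 1 when both outcomes hold. */
int demo(void)
{
    char dir[] = "/tmp/cronchkXXXXXX", file[64], link[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(file, sizeof file, "%s/tab", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1) return 0;
    close(fd);
    int ok = (fd = open_checked(file)) >= 0;
    if (ok) close(fd);
    ok = ok && symlink(file, link) == 0 && open_checked(link) == -1;
    unlink(link); unlink(file); rmdir(dir);
    return ok;
}
```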