Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 9 Jun 2017 13:41:17 -0400
From: christos@...las.com (Christos Zoulas)
To: oss-security@...ts.openwall.com
Subject: Re: Vixie/ISC Cron group crontab to root escalation

On Jun 9,  6:27pm, solar@...nwall.com (Solar Designer) wrote:
-- Subject: Re: [oss-security] Vixie/ISC Cron group crontab to root escalatio

| Oh, I did in fact mention this in the private discussion, so I'll quote:
| 
| | Another detail: somehow in Owl we introduced lstat() prior to open, and
| | check lstat()'s struct for all the required properties before proceeding
| | with open() with O_NOFOLLOW.  Then we check that st_dev/st_ino stayed
| | the same.  We also kept the post-open() checks.  I don't recall exactly
| | why we added this, but maybe because of the possibility of side-effects
| | on open() for hard links to device files (like with tape drives).  And
| | it looks like we neglected to add the same for at jobs (perhaps didn't
| | revisit this when support for at jobs appeared via our update to later
| | OpenBSD code) - maybe we should.

Thanks, perhaps a comment in the code can't hurt...
Or even O_NODEV which does not exist, or O_PATH (linux only)..

christos

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ