Date: Mon, 12 Jun 2017 14:31:57 -0700 From: Alan Coopersmith <alan.coopersmith@...cle.com> To: oss-security@...ts.openwall.com, Casper.Dik@...cle.com Subject: Re: Vixie/ISC Cron group crontab to root escalation On 06/12/17 11:15 AM, Casper.Dik@...cle.com wrote: > >> On Jun 9, 6:27pm, solar@...nwall.com (Solar Designer) wrote: >> -- Subject: Re: [oss-security] Vixie/ISC Cron group crontab to root escalatio >> >> | Oh, I did in fact mention this in the private discussion, so I'll quote: >> | >> | | Another detail: somehow in Owl we introduced lstat() prior to open, and >> | | check lstat()'s struct for all the required properties before proceeding >> | | with open() with O_NOFOLLOW. Then we check that st_dev/st_ino stayed >> | | the same. We also kept the post-open() checks. I don't recall exactly >> | | why we added this, but maybe because of the possibility of side-effects >> | | on open() for hard links to device files (like with tape drives). And >> | | it looks like we neglected to add the same for at jobs (perhaps didn't >> | | revisit this when support for at jobs appeared via our update to later >> | | OpenBSD code) - maybe we should. >> >> Thanks, perhaps a comment in the code can't hurt... >> Or even O_NODEV which does not exist, or O_PATH (linux only).. > > As there is a O_DIRECTORY it would be more orthogonal to have O_REGULAR > (open only a regular file). But that becomes more and more icky as we're > running out of 32 bits of O_*) If we're adding flags to open() instead of defining one per file type it seems like it would be better to define O_MATCH_IFMT to require that the file's (mode & S_IFMT) match the (mode & S_IFMT) passed in the third argument to open. -- -Alan Coopersmith- alan.coopersmith@...cle.com Oracle Solaris Engineering - https://blogs.oracle.com/alanc
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ