Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 12 Jun 2017 14:31:57 -0700
From: Alan Coopersmith <>
Subject: Re: Vixie/ISC Cron group crontab to root escalation

On 06/12/17 11:15 AM, wrote:
>> On Jun 9,  6:27pm, (Solar Designer) wrote:
>> -- Subject: Re: [oss-security] Vixie/ISC Cron group crontab to root escalatio
>> | Oh, I did in fact mention this in the private discussion, so I'll quote:
>> |
>> | | Another detail: somehow in Owl we introduced lstat() prior to open, and
>> | | check lstat()'s struct for all the required properties before proceeding
>> | | with open() with O_NOFOLLOW.  Then we check that st_dev/st_ino stayed
>> | | the same.  We also kept the post-open() checks.  I don't recall exactly
>> | | why we added this, but maybe because of the possibility of side-effects
>> | | on open() for hard links to device files (like with tape drives).  And
>> | | it looks like we neglected to add the same for at jobs (perhaps didn't
>> | | revisit this when support for at jobs appeared via our update to later
>> | | OpenBSD code) - maybe we should.
>> Thanks, perhaps a comment in the code can't hurt...
>> Or even O_NODEV which does not exist, or O_PATH (linux only)..
> As there is a O_DIRECTORY it would be more orthogonal to have O_REGULAR
> (open only a regular file).  But that becomes more and more icky as we're
> running out of 32 bits of O_*)

If we're adding flags to open() instead of defining one per file type it
seems like it would be better to define O_MATCH_IFMT to require that the
file's (mode & S_IFMT) match the (mode & S_IFMT) passed in the third
argument to open.

	-Alan Coopersmith-     
	 Oracle Solaris Engineering -

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ