Date: Tue, 13 Jun 2017 13:26:38 +0200 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: Vixie/ISC Cron group crontab to root escalation * Fiedler Roman <Roman.Fiedler@....ac.at>, 2017-06-13, 07:45: >>>Thanks, perhaps a comment in the code can't hurt... >>>Or even O_NODEV which does not exist, or O_PATH (linux only).. >> >>As there is a O_DIRECTORY it would be more orthogonal to have O_REGULAR (open >>only a regular file). But that becomes more and more icky as we're running >>out of 32 bits of O_*) > >Why not stop that at all and have an O_POLICY, With help of O_PATH, you can implement almost any sanity check in userspace. No need to reinvent this particular wheel. -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ