Date: Tue, 13 Jun 2017 13:26:38 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Vixie/ISC Cron group crontab to root escalation

* Fiedler Roman <Roman.Fiedler@....ac.at>, 2017-06-13, 07:45:
>>>Thanks, perhaps a comment in the code can't hurt...
>>>Or even O_NODEV which does not exist, or O_PATH (linux only)..
>>
>>As there is an O_DIRECTORY it would be more orthogonal to have O_REGULAR (open 
>>only a regular file). But that becomes more and more icky as we're running 
>>out of 32 bits of O_*)
>
>Why not stop that at all and have an O_POLICY,

With the help of O_PATH, you can implement almost any sanity check in userspace.
No need to reinvent this particular wheel.

-- 
Jakub Wilk
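
The O_PATH pattern mentioned above, as an added example that is not part of the original message or of cron's code: pin the inode with O_PATH, run the checks with fstat(), then reopen that same inode for reading. The helper name and the policy it enforces (regular file, expected owner, no group/other write) are assumptions chosen for illustration, and the reopen step assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE            /* exposes O_PATH in glibc's <fcntl.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000       /* generic Linux value (x86, ARM) if libc hid it */
#endif

/* Hypothetical helper: return a read-only fd for `path` only if it is a
 * regular file owned by `owner` and not writable by group or others.
 * Returns -1 with errno set otherwise. */
int open_regular_checked(const char *path, uid_t owner)
{
    char link[64];
    struct stat st;
    int fd = -1, saved;
    /* O_PATH pins the inode without opening it: a FIFO cannot block us and
     * a device node sees no open(). O_NOFOLLOW yields the symlink itself. */
    int pfd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (pfd < 0)
        return -1;
    if (fstat(pfd, &st) < 0)
        goto out;
    if (!S_ISREG(st.st_mode)) { errno = S_ISLNK(st.st_mode) ? ELOOP : EINVAL; goto out; }
    if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) { errno = EPERM; goto out; }
    /* Reopen the inode that was checked, not the path name, so a rename or
     * symlink swap between check and use has no effect. */
    snprintf(link, sizeof link, "/proc/self/fd/%d", pfd);
    fd = open(link, O_RDONLY | O_CLOEXEC);
out:
    saved = errno;
    close(pfd);
    errno = saved;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return EXIT_FAILURE; }
    int fd = open_regular_checked(argv[1], geteuid());
    if (fd < 0) { perror("open_regular_checked"); return EXIT_FAILURE; }
    puts("ok");
    close(fd);
    return EXIT_SUCCESS;
}
```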
