Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Jun 2017 13:26:38 +0200
From: Jakub Wilk <>
Subject: Re: Vixie/ISC Cron group crontab to root escalation

* Fiedler Roman <>, 2017-06-13, 07:45:
>>>Thanks, perhaps a comment in the code can't hurt...
>>>Or even O_NODEV which does not exist, or O_PATH (linux only)..
>>As there is a O_DIRECTORY it would be more orthogonal to have O_REGULAR (open 
>>only a regular file). But that becomes more and more icky as we're running 
>>out of 32 bits of O_*)
>Why not stop that at all and have an O_POLICY,

With help of O_PATH, you can implement almost any sanity check in userspace.
No need to reinvent this particular wheel.

Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ