tech-kern archive
Re: inode open
On Wed, 16 Jul 2008 13:34:34 -0700
Jason Thorpe <thorpej%shagadelic.org@localhost> wrote:
>
> On Jul 16, 2008, at 7:47 AM, Matt Thomas wrote:
>
> > Besides the fhopen(2) previously mentioned, this isn't available
> > because it would break the security used by unix.
>
>
> Other Unix-like platforms (Mac OS X) can do this without breaking
> the Unix security model. We should be able to, too.
>
I'm curious how they do it. Today, I can safely have a mode 666 file
inside a 700 directory. A setuid program can cd to that directory,
surrender privilege, and then operate on the files. The real user
can't get to that directory, and hence can't touch the files -- but if
it could open things by i-node number, it could. (I first saw that
technique used in an old MTA, MMDF, circa 1979.)
--Steve Bellovin, http://www.cs.columbia.edu/~smb
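
Added example, not part of the original message or thread: a defender-side audit of the layout described above. It lists regular files whose own mode lets "other" read or write and that are shielded only by an ancestor directory without other-search permission, i.e. the files that would become reachable if opening by i-node number skipped the path check. The directory and file names in the sample tree are constructed for the demo.

```python
import os
import stat
import tempfile

def files_guarded_only_by_directory(root):
    """Return (path, mode string) for regular files under root that grant
    'other' read or write themselves, but sit below a directory (root
    included) lacking other-search (o+x). Directories above root are not
    examined. Symlinks are neither followed nor reported."""
    findings = []

    def walk(directory, ancestor_blocks_others):
        st = os.lstat(directory)
        blocked = ancestor_blocks_others or not (st.st_mode & stat.S_IXOTH)
        with os.scandir(directory) as entries:
            for entry in sorted(entries, key=lambda e: e.name):
                mode = entry.stat(follow_symlinks=False).st_mode
                if stat.S_ISDIR(mode):
                    walk(entry.path, blocked)
                elif (stat.S_ISREG(mode) and blocked
                      and mode & (stat.S_IROTH | stat.S_IWOTH)):
                    findings.append((entry.path, stat.filemode(mode)))

    walk(root, False)
    return findings

def build_sample_tree():
    """Constructed sample: a mode 666 file in a mode 700 directory (the case
    from the message) plus a mode 666 file in a mode 755 directory (control)."""
    base = tempfile.mkdtemp(prefix="inode-open-demo-")
    private = os.path.join(base, "spool")   # hypothetical name
    public = os.path.join(base, "pub")      # hypothetical name
    for directory, name in ((private, "queue.dat"), (public, "readme.txt")):
        os.mkdir(directory)
        path = os.path.join(directory, name)
        with open(path, "w") as handle:
            handle.write("sample\n")
        os.chmod(path, 0o666)
    os.chmod(public, 0o755)
    os.chmod(private, 0o700)
    os.chmod(base, 0o755)   # mkdtemp creates 0700; open it so only spool blocks
    return base

if __name__ == "__main__":
    for path, mode in files_guarded_only_by_directory(build_sample_tree()):
        print(mode, path)
```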