Re: The open() system call in f8 really broken... | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Steve Grubb wrote:
On Wednesday 15 August 2007 20:56:10 Steve Dickson wrote:Now If I'm not mistaken, its been legal since the 70s to use O_CREAT without a mode because (depending on the OS) the mode of parent directory will be used (or something similar)...The problem is that without a mode being passed, the kernel uses whatever the stack contents are.
well the man pages does something about using "the mode of the parent directory", but all implantations are different...
And yes, its conceivable the stack contents could create a world writable setuid file which cannot ever be the intended operation.
The key word being "conceivable"... a hole that size would have been found a long time ago... and because of these new constraints a hole of this type not happen, which is a good thing... but just because some this is conceivable does not justify killing processes... exportfs does not write setuid files, but it can cause a lost of thousand of dollars when a entire development department is idle because they can't log in because we decided to change the meaning of open()... it just does not make sense to me... Again, creating good program habits is a good thing, but at what cost? steved. -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
[Home] [Fedora Users] [Fedora Devel Java] [Fedora Legacy] [Fedora Desktop] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]
