Google
  Web www.spinics.net

Re: The open() system call in f8 really broken...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi.

On Thu, 16 Aug 2007 11:38:21 -0400, Steve Dickson wrote:

> > If you let it through, it can create a file with random mode.  Say
> > if a root process creates a file with 4777 perms, do you really
> > want to risk that while that process is scheduled away somebody
> > copies a shell into that file and runs it?
> Again.. just fail the open and put the decision of what to do in the
> hands of the app... where it belongs...

I agree with that. Tell the application "Sorry Dave, I can't let you do
that", and let the application deal with that.

If the application has no proper error handling for open calls, that is
definitely the applications problem. The open call could have failed for
other reasons, too.

I do not see how creat-without-mode is a fundamentally different case from,
for example, insufficient permissions. The applications tries something it
is not allowed to do, so fail the call (and print fat, ugly warnings to the
console), and let the application deal with the consequences.

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Home]     [Fedora Users]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net