Hi!
> >That race is easily fixed.
>
> No, you're not right.
>
> > After chmodding the directory to 0700, *first*
> >check the link count, *then* chmod the file to 0666:
> >
> > User1 creates file with permissions 0644
> > User2 opens file for read access on file descriptor 4
> > User1 chmod's directory to 0700
> > User1 verifies no hard links to file
>
> Here's a window, during which User2 is able to create a hardlink and
> that will remain unnoticed by User1. There's no way to perform link
> check and conditionally do chmod in an atomic manner.
0700 on directory prevents hardlink creation, see?
pa...@amd:/tmp$ mkdir my_dir
pa...@amd:/tmp$ cd my_dir/
pa...@amd:/tmp/my_dir$ ls
pa...@amd:/tmp/my_dir$ > foo
pa...@amd:/tmp/my_dir$ chmod 700 .
pa...@amd:/tmp/my_dir$ su guest
Password:
gu...@amd:/tmp/my_dir$ ln foo /tmp/bar
ln: accessing `foo': Permission denied
gu...@amd:/tmp/my_dir$
You need x bit on directory to look up foo.
> >Excluding the /proc route, at no point during this sequence, User2 could
> >have opened the file for writing. Therefore, User1 expects (justified,
> >imo) that User2 cannot write to the file. The writability of /proc/$$/fd/4
> >violates this expectation.
> >
> Again, you're not right. See above.
No, he's right, see above.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
