
Re: Bug#304556: file permissions race in mkdir, mknod, mkfifo (CAN-2005-


From: Paul Eggert
Subject: Re: Bug#304556: file permissions race in mkdir, mknod, mkfifo (CAN-2005-1039)
Date: Fri, 15 Apr 2005 00:18:33 -0700
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.4 (gnu/linux)

My kneejerk reaction is that it's not worth making this change.  The
attack in question will work against almost any program that is
operated in an insecure directory, including the "chmod" program
itself.  It'd be a real pain to work around this problem in all
applications, one at a time, and it's not at all clear to me that it's
even doable in general.

I suggest simply warning users that if you let bad guys modify your
directories, you're asking for trouble.  Which is certainly true in
any event.

That being said, it would be an easy security improvement if mkdir -m
would use lchmod rather than chmod, on platforms where lchmod is
available.  There may be several other programs where this would be
advisable as well, and similarly for lchown versus chown.
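An added example, not part of the message above and not coreutils code: where lchmod is unavailable, a similar non-following mode change can be approximated by opening the directory with O_NOFOLLOW and applying the mode through the descriptor with fchmod. This open-plus-fchmod approach is a substitute technique, and the function names are hypothetical. It assumes a POSIX.1-2008 system, and the temp-directory check is constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Set `mode` on directory `path` without following a symlink in the last
   component. Returns 0 on success, -1 on failure. */
int chmod_dir_nofollow(const char *path, mode_t mode)
{
    /* Fails (ELOOP or ENOTDIR, platform-dependent) if `path` is a symlink. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fchmod changes the inode we opened, whatever the name refers to now. */
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* mkdir -m equivalent: create owner-only, then set the mode via the fd. */
int mkdir_mode(const char *path, mode_t mode)
{
    if (mkdir(path, S_IRWXU) != 0)
        return -1;
    return chmod_dir_nofollow(path, mode);
}

/* Constructed check in a fresh temp dir: returns the permission bits of
   `real` after a chmod attempt through a symlink to it, -1 on setup failure. */
int mode_after_symlink_attempt(void)
{
    char base[] = "/tmp/mkdir-m-XXXXXX", real[64], lnk[64];
    struct stat st;
    if (!mkdtemp(base)) return -1;
    snprintf(real, sizeof real, "%s/real", base);
    snprintf(lnk, sizeof lnk, "%s/link", base);
    if (mkdir_mode(real, 0750) != 0 || symlink(real, lnk) != 0) return -1;
    if (chmod_dir_nofollow(lnk, 0777) == 0) return -1;  /* must be refused */
    if (stat(real, &st) != 0) return -1;
    unlink(lnk); rmdir(real); rmdir(base);
    return st.st_mode & 07777;
}

int main(void) { printf("%o\n", (unsigned)mode_after_symlink_attempt()); return 0; }
```

O_NOFOLLOW only guards the final path component, so earlier components of an untrusted path still need separate handling.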



