[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how does O_NOCTTY help? [Re: bug in chdir-safer
From: |
Paul Eggert |
Subject: |
Re: how does O_NOCTTY help? [Re: bug in chdir-safer |
Date: |
Tue, 14 Feb 2006 09:50:43 -0800 |
User-agent: |
Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux) |
Jim Meyering <address@hidden> writes:
> It sounds like you're explaining why it was important to use O_NOCTTY
> on ancient systems. Do you really think it is important now?
I don't think it's _important_, no; it's a minor issue. The scenarios
that I'm thinking of are fairly unlikely and don't provide that much
benefit to the attacker. For example, suppose someone has physical
access to a serial port that is otherwise unused, and plants a
symlink-to-it in /tmp where an unwary long-running root process can
pick it up. That sort of thing. I suppose on some hosts it could be
done even without hardware access, by using pseudottys. (Not that I'm
inclined to try this!)
> Otherwise, this (omitting O_NOCTTY) would constitute a significant
> security risk and it would have been well documented.
I tend to agree about "significant security risk". Internal vandals
are not that big a deal these days, on most hosts. However, I suspect
that the vandalism is possible, at least on System Vish hosts. (It's
not possible on GNU/Linux thank goodness.)
- how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/09
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/09
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/09
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/10
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/10
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/10
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/12
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Paul Eggert, 2006/02/12
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer, Jim Meyering, 2006/02/14
- Re: how does O_NOCTTY help? [Re: bug in chdir-safer,
Paul Eggert <=