Ideas for changes to Unix filesystem

Barry Shein bzs at world.std.com
Fri Feb 8 08:32:51 AEST 1991


>The question isn't whether you can write your own copy; it is whether you
>can write to the "system's" copy.  Say the "system" has a file with mode
>666 which is protected only by directory permissions.  Certain setuid
>or setgid programs are supplied which provide controlled access to the
>file.  A user supplied program can be invoked with the file open for
>read.  Only "system" supplied programs can access the file for write.
>With flink(), the user could create a name for the file, reopen it for
>write, and screw up the whole world.

Since all flink() would do is enter a string/i-num pair into a
directory I can't see how any of this applies.

I was trying to think of some trick along the lines of a setuid
program which opens a protected file and then execs a non-priv process
handing down only the open fd; some software does this sort of thing.

Inetd is analogous to this, as an example, since it takes privilege to
bind() a low-numbered port for accepts() but the processes it execs
need not be priv'd in any way (I realize these are sockets, not plain
files, but just in case anyone thought this sort of thing I am
describing is unlikely...)

But if it can be flink()'d at all then we assume you could seek to
zero and copy all the data out of the file to your own file anyhow, so
that's not a new opportunity. And whether you can read or write is
dictated by the setting of the inode and how the original fd was
opened which is independent of flink() entirely.

----------

Hmm, it would also increase the link count of the file. I suppose that
could be a weak security problem. It also would change the change date
in the inode, even if the file and/or directory were otherwise
inaccessible for any modification by other means.

So I suppose someone could use this on a read-only fd handed down from
a priv'd process to maliciously force the file to appear to need
a back-up.
-- 
        -Barry Shein

Software Tool & Die    | bzs at world.std.com          | uunet!world!bzs
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
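
An added example, not part of the original post: it checks the two inode side effects the message names (link count and change time) and confirms that a descriptor opened read-only stays read-only after the file gains a name. The proposed flink() is stood in for by link() on a pathname, the scratch paths and function name are constructed, and Linux/glibc `st_ctim` fields are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Added example: link() by path stands in for the proposed flink(). */
enum { NLINK_UP = 1, CTIME_MOVED = 2, MTIME_SAME = 4, RDONLY_HELD = 8 };
/* Returns a bitmask of the effects observed, or -1 on setup failure. */
int link_side_effects(void)
{
    char dir[] = "/tmp/flinkdemoXXXXXX";      /* constructed scratch directory */
    char a[64], b[64];
    struct stat before, after;
    struct timespec pause = { 1, 100000000 }; /* outlast 1 s timestamp granularity */
    int fd, result = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/orig", dir);
    snprintf(b, sizeof b, "%s/alias", dir);

    fd = open(a, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data\n", 5) != 5) return -1;
    close(fd);

    fd = open(a, O_RDONLY);                   /* the descriptor "handed down" */
    if (fd < 0 || fstat(fd, &before) != 0) return -1;
    nanosleep(&pause, NULL);
    if (link(a, b) != 0) return -1;           /* new string/i-num pair */
    if (fstat(fd, &after) != 0) return -1;

    if (after.st_nlink == before.st_nlink + 1) result |= NLINK_UP;
    if (after.st_ctim.tv_sec != before.st_ctim.tv_sec ||
        after.st_ctim.tv_nsec != before.st_ctim.tv_nsec) result |= CTIME_MOVED;
    if (after.st_mtim.tv_sec == before.st_mtim.tv_sec &&
        after.st_mtim.tv_nsec == before.st_mtim.tv_nsec) result |= MTIME_SAME;
    /* Access mode was fixed at open(); the extra name does not change it. */
    if (write(fd, "x", 1) == -1 && errno == EBADF) result |= RDONLY_HELD;
    close(fd); unlink(b); unlink(a); rmdir(dir);
    return result;
}

int main(void)
{
    printf("effects mask: %d (15 = all four observed)\n", link_side_effects());
    return 0;
}
```

A backup or integrity tool that keys on ctime sees the file as changed even though its data and mtime are identical, which is the effect described in the last paragraph of the message.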


