Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-12-07 22:47 GMT+01:00 Solar Designer : > On Tue, Dec 05, 2017 at 11:21:00AM +0100, Salvatore Mesoraca wrote: > > 2017-11-30 17:30 GMT+01:00 Solar Designer : > > > $ strace flock /tmp/lockfile -c cat > > > [...] > > > open("/tmp/lockfile",

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-12-07 22:47 GMT+01:00 Solar Designer : > On Tue, Dec 05, 2017 at 11:21:00AM +0100, Salvatore Mesoraca wrote: > > 2017-11-30 17:30 GMT+01:00 Solar Designer : > > > $ strace flock /tmp/lockfile -c cat > > > [...] > > > open("/tmp/lockfile", O_RDONLY|O_CREAT|O_NOCTTY, 0666) = 3 > > > flock(3,

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Tue, Dec 05, 2017 at 11:21:00AM +0100, Salvatore Mesoraca wrote: > 2017-11-30 17:30 GMT+01:00 Solar Designer : > > $ strace flock /tmp/lockfile -c cat > > [...] > > open("/tmp/lockfile", O_RDONLY|O_CREAT|O_NOCTTY, 0666) = 3 > > flock(3, LOCK_EX) = 0 > >

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Tue, Dec 05, 2017 at 11:21:00AM +0100, Salvatore Mesoraca wrote: > 2017-11-30 17:30 GMT+01:00 Solar Designer : > > $ strace flock /tmp/lockfile -c cat > > [...] > > open("/tmp/lockfile", O_RDONLY|O_CREAT|O_NOCTTY, 0666) = 3 > > flock(3, LOCK_EX) = 0 > > > > This use of

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-30 17:30 GMT+01:00 Solar Designer : > Replying to Salvatore and Ian at once, and CC'ing H. Peter Anvin and > Karel Zak for util-linux flock(1). > > On Thu, Nov 30, 2017 at 02:57:06PM +, Ian Campbell wrote: > > On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesoraca

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-30 17:30 GMT+01:00 Solar Designer : > Replying to Salvatore and Ian at once, and CC'ing H. Peter Anvin and > Karel Zak for util-linux flock(1). > > On Thu, Nov 30, 2017 at 02:57:06PM +, Ian Campbell wrote: > > On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesoraca wrote: > > >

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

> > That's general misuse of /tmp. Things like "command > /tmp/file" > > without having pre-created the file with O_EXCL e.g. by mktemp(1). > > I'm sorry, I've been using Unix for over 30 years. > /tmp is a place that temporary files were created - nothing special. > Traditionally it was

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

> > That's general misuse of /tmp. Things like "command > /tmp/file" > > without having pre-created the file with O_EXCL e.g. by mktemp(1). > > I'm sorry, I've been using Unix for over 30 years. > /tmp is a place that temporary files were created - nothing special. > Traditionally it was

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Solar Designer > Sent: 30 November 2017 17:52 > > On Thu, Nov 30, 2017 at 04:53:06PM +, David Laight wrote: > > From: Salvatore Mesoraca > > > if a program tries to open a file, in a sticky directory, > > > with the O_CREAT flag and without the O_EXCL, it probably has a bug. > > > This

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Solar Designer > Sent: 30 November 2017 17:52 > > On Thu, Nov 30, 2017 at 04:53:06PM +, David Laight wrote: > > From: Salvatore Mesoraca > > > if a program tries to open a file, in a sticky directory, > > > with the O_CREAT flag and without the O_EXCL, it probably has a bug. > > > This

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Thu, Nov 30, 2017 at 04:53:06PM +, David Laight wrote: > From: Salvatore Mesoraca > > if a program tries to open a file, in a sticky directory, > > with the O_CREAT flag and without the O_EXCL, it probably has a bug. > > This feature allows to detect and potentially block programs that > >

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Thu, Nov 30, 2017 at 04:53:06PM +, David Laight wrote: > From: Salvatore Mesoraca > > if a program tries to open a file, in a sticky directory, > > with the O_CREAT flag and without the O_EXCL, it probably has a bug. > > This feature allows to detect and potentially block programs that > >

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Salvatore Mesoraca > Sent: 22 November 2017 08:02 > > Disallows O_CREAT open missing the O_EXCL flag, in world or > group writable directories, even if the file doesn't exist yet. > With few exceptions (e.g. shared lock files based on flock()) > if a program tries to open a file, in a

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Salvatore Mesoraca > Sent: 22 November 2017 08:02 > > Disallows O_CREAT open missing the O_EXCL flag, in world or > group writable directories, even if the file doesn't exist yet. > With few exceptions (e.g. shared lock files based on flock()) > if a program tries to open a file, in a

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

Replying to Salvatore and Ian at once, and CC'ing H. Peter Anvin and Karel Zak for util-linux flock(1). On Thu, Nov 30, 2017 at 02:57:06PM +, Ian Campbell wrote: > On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesoraca wrote: > > 2017-11-27 1:26 GMT+01:00 Solar Designer : >

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

Replying to Salvatore and Ian at once, and CC'ing H. Peter Anvin and Karel Zak for util-linux flock(1). On Thu, Nov 30, 2017 at 02:57:06PM +, Ian Campbell wrote: > On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesoraca wrote: > > 2017-11-27 1:26 GMT+01:00 Solar Designer : > > > Why would

Re: [kernel-hardening] Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesoraca wrote: > 2017-11-27 1:26 GMT+01:00 Solar Designer : > > On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > > > 2017-11-24 11:53 GMT+01:00 David Laight > > > : > > > > From: Alan

Re: [kernel-hardening] Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesoraca wrote: > 2017-11-27 1:26 GMT+01:00 Solar Designer : > > On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > > > 2017-11-24 11:53 GMT+01:00 David Laight > > > : > > > > From: Alan Cox > > > > > Sent: 22 November 2017 16:52 > >

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-27 1:26 GMT+01:00 Solar Designer : > On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > > 2017-11-24 11:53 GMT+01:00 David Laight : > > > From: Alan Cox > > >> Sent: 22 November 2017 16:52 > > >> > > >> On Wed, 22 Nov 2017

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-27 1:26 GMT+01:00 Solar Designer : > On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > > 2017-11-24 11:53 GMT+01:00 David Laight : > > > From: Alan Cox > > >> Sent: 22 November 2017 16:52 > > >> > > >> On Wed, 22 Nov 2017 09:01:46 +0100 Salvatore Mesoraca > > >>

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > 2017-11-24 11:53 GMT+01:00 David Laight : > > From: Alan Cox > >> Sent: 22 November 2017 16:52 > >> > >> On Wed, 22 Nov 2017 09:01:46 +0100 Salvatore Mesoraca > >> wrote: > >> >

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > 2017-11-24 11:53 GMT+01:00 David Laight : > > From: Alan Cox > >> Sent: 22 November 2017 16:52 > >> > >> On Wed, 22 Nov 2017 09:01:46 +0100 Salvatore Mesoraca > >> wrote: > >> > >> > Disallows O_CREAT open missing the O_EXCL

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 12:53 GMT+01:00 David Laight : > From: Salvatore Mesoraca [mailto:s.mesorac...@gmail.com] >> Sent: 24 November 2017 11:44 >> >> 2017-11-24 11:53 GMT+01:00 David Laight : >> > From: Alan Cox >> >> Sent: 22 November 2017 16:52 >> >> >> >>

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 12:53 GMT+01:00 David Laight : > From: Salvatore Mesoraca [mailto:s.mesorac...@gmail.com] >> Sent: 24 November 2017 11:44 >> >> 2017-11-24 11:53 GMT+01:00 David Laight : >> > From: Alan Cox >> >> Sent: 22 November 2017 16:52 >> >> >> >> On Wed, 22 Nov 2017 09:01:46 +0100 >> >> Salvatore

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Salvatore Mesoraca [mailto:s.mesorac...@gmail.com] > Sent: 24 November 2017 11:44 > > 2017-11-24 11:53 GMT+01:00 David Laight : > > From: Alan Cox > >> Sent: 22 November 2017 16:52 > >> > >> On Wed, 22 Nov 2017 09:01:46 +0100 > >> Salvatore Mesoraca

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Salvatore Mesoraca [mailto:s.mesorac...@gmail.com] > Sent: 24 November 2017 11:44 > > 2017-11-24 11:53 GMT+01:00 David Laight : > > From: Alan Cox > >> Sent: 22 November 2017 16:52 > >> > >> On Wed, 22 Nov 2017 09:01:46 +0100 > >> Salvatore Mesoraca wrote: > >> > >> > Disallows O_CREAT

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 11:53 GMT+01:00 David Laight : > From: Alan Cox >> Sent: 22 November 2017 16:52 >> >> On Wed, 22 Nov 2017 09:01:46 +0100 >> Salvatore Mesoraca wrote: >> >> > Disallows O_CREAT open missing the O_EXCL flag, in world or >> > group writable

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 11:53 GMT+01:00 David Laight : > From: Alan Cox >> Sent: 22 November 2017 16:52 >> >> On Wed, 22 Nov 2017 09:01:46 +0100 >> Salvatore Mesoraca wrote: >> >> > Disallows O_CREAT open missing the O_EXCL flag, in world or >> > group writable directories, even if the file doesn't exist yet.

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Alan Cox > Sent: 22 November 2017 16:52 > > On Wed, 22 Nov 2017 09:01:46 +0100 > Salvatore Mesoraca wrote: > > > Disallows O_CREAT open missing the O_EXCL flag, in world or > > group writable directories, even if the file doesn't exist yet. > > With few exceptions

RE: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

From: Alan Cox > Sent: 22 November 2017 16:52 > > On Wed, 22 Nov 2017 09:01:46 +0100 > Salvatore Mesoraca wrote: > > > Disallows O_CREAT open missing the O_EXCL flag, in world or > > group writable directories, even if the file doesn't exist yet. > > With few exceptions (e.g. shared lock files

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-23 23:57 GMT+01:00 Tobin C. Harding : > On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: > > Same caveat about this being English language comments only as for patch > 1/2. Please ignore if this is too trivial. My grammar is a long way from > perfect,

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-23 23:57 GMT+01:00 Tobin C. Harding : > On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: > > Same caveat about this being English language comments only as for patch > 1/2. Please ignore if this is too trivial. My grammar is a long way from > perfect, especially please

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-22 17:51 GMT+01:00 Alan Cox : > On Wed, 22 Nov 2017 09:01:46 +0100 > Salvatore Mesoraca wrote: > >> Disallows O_CREAT open missing the O_EXCL flag, in world or >> group writable directories, even if the file doesn't exist yet. >> With

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-22 17:51 GMT+01:00 Alan Cox : > On Wed, 22 Nov 2017 09:01:46 +0100 > Salvatore Mesoraca wrote: > >> Disallows O_CREAT open missing the O_EXCL flag, in world or >> group writable directories, even if the file doesn't exist yet. >> With few exceptions (e.g. shared lock files based on

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-22 14:22 GMT+01:00 Matthew Wilcox : > On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: >> +An O_CREAT open missing the O_EXCL flag in a sticky directory is, >> +often, a bug or a synthom of the fact that the program is not >> +using appropriate

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-22 14:22 GMT+01:00 Matthew Wilcox : > On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: >> +An O_CREAT open missing the O_EXCL flag in a sticky directory is, >> +often, a bug or a synthom of the fact that the program is not >> +using appropriate procedures to access

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: Same caveat about this being English language comments only as for patch 1/2. Please ignore if this is too trivial. My grammar is a long way from perfect, especially please feel free to ignore my placement of commas, they are

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: Same caveat about this being English language comments only as for patch 1/2. Please ignore if this is too trivial. My grammar is a long way from perfect, especially please feel free to ignore my placement of commas, they are

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Wed, 22 Nov 2017 09:01:46 +0100 Salvatore Mesoraca wrote: > Disallows O_CREAT open missing the O_EXCL flag, in world or > group writable directories, even if the file doesn't exist yet. > With few exceptions (e.g. shared lock files based on flock()) Enough exceptions

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Wed, 22 Nov 2017 09:01:46 +0100 Salvatore Mesoraca wrote: > Disallows O_CREAT open missing the O_EXCL flag, in world or > group writable directories, even if the file doesn't exist yet. > With few exceptions (e.g. shared lock files based on flock()) Enough exceptions to make it a bad idea.

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: > +An O_CREAT open missing the O_EXCL flag in a sticky directory is, > +often, a bug or a synthom of the fact that the program is not > +using appropriate procedures to access sticky directories. > +This protection allow to detect

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: > +An O_CREAT open missing the O_EXCL flag in a sticky directory is, > +often, a bug or a synthom of the fact that the program is not > +using appropriate procedures to access sticky directories. > +This protection allow to detect

[PATCH v3 2/2] Protected O_CREAT open in sticky directories

Disallows O_CREAT open missing the O_EXCL flag, in world or group writable directories, even if the file doesn't exist yet. With few exceptions (e.g. shared lock files based on flock()) if a program tries to open a file, in a sticky directory, with the O_CREAT flag and without the O_EXCL, it

[PATCH v3 2/2] Protected O_CREAT open in sticky directories

Disallows O_CREAT open missing the O_EXCL flag, in world or group writable directories, even if the file doesn't exist yet. With few exceptions (e.g. shared lock files based on flock()) if a program tries to open a file, in a sticky directory, with the O_CREAT flag and without the O_EXCL, it