Re: Bug#20241: Timezones should depend on debian-utils
Jason Gunthorpe wrote:
> Hm, actually because of the way schedualling happens it is still highly
> unlikely. Adding more processes like this does not make everything slower
> it just increases the chance that The Evil Program will run in alternating
> timeslices.
I don't know about linux's scheduler, but if it operates in anything that
resembles round-robin fashion, forking should give the attacking program
many more chances at winning the race.
> It is still -highly- chaotic where the actualy context
> switches will occur, and you cannot say for certain that The Evil Program
> will run between the time the remove is performed and the open is
> performed.
Of course not. It's a race condition after all. ;-) Inherantly
unpredictable.
> > > >> something that tries another directory name.
> > > Joey> echo unable to create temporary directory. Giving up. exit 1
> > > >>
> > > Joey> tmpfile=/tmp/tmpdir.$$/tmpfile
>
> This is safe iff you set the umask so as to make the temp directory
> unwritable by others before you create it. Otherwise the exact same
> problem applies as in Manoj's example. Since directory creation is atomic,
> cannot be affected by symlinks and in this case non-root cannot erase
> the directory or mutate the name it should be safe.
>
> Once the directory has been created then it can be used as a safe tmpdir
> with no race conditions - the permission bits prevent anyone but the owner
> from creating evil symlinks.
--
see shy jo
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: