
Bug#508867: still exists I think



reopen #508867
thanks

Didn't realise the bug was marked as moreinfo.

As much as the kernel is claimed to be fixed, I'm pretty sure I was still
seeing this bug with 2.6.32.  I have quit the job with the machine I
encountered this on, and my other machines are in storage, so I can't
verify for another couple of weeks until I get those machines out of
storage and the interweb connected again.

But can't we just swap the order of the access() and open() as a stopgap
(a stopgap only, since I still believe, as per my third message to this
bug, that the access() is a racy check, I should probably file that as a
separate bug for someone with more of a security-inclination to actually
check)?

That way the vfs cache will definitely be invalidated (by the open), and
the access can still do its (faulty) permissions check on the real user
and bail out before any harm is done.

Both calls in AuGetAddr.c and AuGetBest.c would need to be modified, and
don't forget to close auth_file if it was successfully opened but
access() failed.
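
The ordering proposed in the message above, as an added example that is not part of the original message and is not libXau code. `open_then_access` and `open_then_fstat` are hypothetical helpers; the second goes beyond the proposal by checking the file that was actually opened, under an assumed ownership policy, instead of re-resolving the path.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fileno(), fstat(), access() */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not libXau code): the stopgap ordering.
 * Open first, then access(); close the stream if access() refuses. */
FILE *open_then_access(const char *path)
{
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return NULL;
    if (access(path, R_OK) != 0) {   /* real-UID check, but by path: still racy */
        fclose(fp);                  /* do not leak the opened stream */
        return NULL;
    }
    return fp;
}

/* Hypothetical variant: check the object that was opened, not the path.
 * Assumed policy: regular file, owned by the real UID, owner-readable. */
FILE *open_then_fstat(const char *path)
{
    struct stat st;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return NULL;
    if (fstat(fileno(fp), &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || !(st.st_mode & S_IRUSR)) {
        fclose(fp);
        return NULL;
    }
    return fp;
}
```

The `fstat()` variant does not model group permissions or ACLs; it only accepts files owned by the real user.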


