Re: [PATCH] new syscall: flink

H. Peter Anvin (hpa@zytor.com)
6 Apr 2003 22:25:51 -0700


Followup to: <b6qo2a$ecl$1@cesium.transmeta.com>
By author: "H. Peter Anvin" <hpa@zytor.com>
In newsgroup: linux.dev.kernel
>
> This, I believe, is the real issue. However, we already have that
> problem:
>

[Sample code]

Here is a better piece of sample code that actually shows a
permissions violation happening:

[...]
mkdir("testdir", 0700) = 0
open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
write(3, "Ansiktsburk\n", 12) = 12
close(3) = 0
open("testdir/testfile", O_RDONLY) = 3
chmod("testdir", 0) = 0
open("/proc/self/fd/3", O_RDWR) = 4
write(4, "Tjo fidelittan hatt!\n", 21) = 21
exit_group(0) = ?

----snip----

#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <limits.h>

int main(int argc, char *argv[])
{
int sfd, rfd, wfd;
char filebuf[PATH_MAX];

mkdir("testdir", 0700);

/* Create the file legitimately */
sfd = open("testdir/testfile", O_WRONLY|O_CREAT|O_TRUNC, 0666);
write(sfd, "Ansiktsburk\n", 12);
close(sfd);

/* Open read-only file descriptor */
rfd = open("testdir/testfile", O_RDONLY);

/* Make directory inaccessible */
chmod("testdir", 0);

/* Open read-write file descriptor */
sprintf(filebuf, "/proc/self/fd/%d", rfd);
wfd = open(filebuf, O_RDWR);

/* Clobber file */
write(wfd, "Tjo fidelittan hatt!\n", 21);

return 0;
}

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/