Here's a good rule of thumb:
In security, if you need to ask, it's probably broken.
The way to do security design is NOT by throwing a few kludgy hacks
against the wall and seeing if any of them stick. That's a recipe for
security holes. The way you get security right is by building a clean,
simple design that you can convincingly argue to be correct. In security,
you don't write code until you've got your assurance argument down pat.
If you can't convince yourself it's correct, it's probably not.
> copy_from_user(name1, userfilename, ...);
> ret = original_unlink(userfilename);
> copy_from_user(name2, userfilename, ...);
Insecure. Simply exploit the race condition twice: once just before
the original_unlink() to change the string to a dangerous filename,
then a second time just after the original_unlink() to change it back.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/