elladan> It's perfectly legal for the shell to sit around with a file
elladan> open and pass it off to a child, even if the disk is full.
elladan> It's also perfectly legal for root to write to the fd, even
elladan> if the disk is full (for normal users).
elladan> It just happens that the suid program wasn't the one who
elladan> chose what file it was going to write stdout to - the shell
elladan> did.
This is why in SVr4, struct cred is cloned at open time, and passed
down to each VFS operation.
There's a choice of security modules here--- should the credentials
of the opener or the credentials of the writer determine the use of
the extra space? I think in this case it ought to be the credentials
of the opener. Also, I'm not sure that mount(8) should be a setuid
program. (I know it's convenient for floppy mounts, but I'd rather
they were handled by autofs)
Peter C
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/