Comment 38 for bug 885027

Dan Rosenberg (dan-j-rosenberg) wrote :

This has been fun, but in case you're actually interested in fixing the problem, I am still willing to help.

One way to fix races with the mountpoint is to chdir into the mountpoint, stat "." and check ownership, and mount on top of ".". That way there's no risk of users changing components of the mountpoint path out from under you. If the chdir fails, give a non-descriptive error message that does not delineate between the cause of failure for the chdir (otherwise an attacker can use this to determine the existence of files and directories in search paths he can't navigate to).

To fix races with the mount source, you should check against /dev/shm, as this is the only world-writable directory in most /dev filesystems that I know of.

That would at least solve the two biggest problems here, and then we can move on to addressing the smaller ones.
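The two fixes sketched in the comment, as an added C example that is not code from this bug report or from the affected package. Function names, the `/dev/shm` prefix test and the temporary-directory helper are the example's own assumptions; it is Linux-only because of `mount(2)`. Step 1 enters the mountpoint and checks "." (the directory the process is actually in) rather than the user-supplied path, collapsing every failure into one return code so the caller prints a single generic message; step 2 rejects a source under the one world-writable part of `/dev`; step 3 mounts on "." so the path components can no longer be swapped underneath the check.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* The one world-writable directory under /dev that the comment names. */
#define WORLD_WRITABLE_DEV "/dev/shm"

/* Step 1: enter the mountpoint and inspect "." instead of the user-supplied
 * path, so nothing an attacker does to the path components afterwards matters.
 * Returns 0 when "." is a directory owned by `owner`, -1 for any failure.
 * All failures share one return code on purpose: the caller prints a single
 * generic message and never reveals why chdir() failed. */
int enter_and_verify_mountpoint(const char *mountpoint, uid_t owner)
{
    struct stat st;
    if (chdir(mountpoint) != 0)        /* ENOENT, EACCES, ENOTDIR: all -1 */
        return -1;
    if (stat(".", &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != owner)
        return -1;
    return 0;
}

/* True if `path` contains a ".." component. */
static int has_dotdot_component(const char *path)
{
    const char *p = path;
    while (*p != '\0') {
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.')
            return 1;
        while (*p == '/')
            p++;
    }
    return 0;
}

/* True if `path` is WORLD_WRITABLE_DEV itself or lies beneath it. */
static int under_world_writable_dev(const char *path)
{
    size_t n = strlen(WORLD_WRITABLE_DEV);
    return strncmp(path, WORLD_WRITABLE_DEV, n) == 0 &&
           (path[n] == '\0' || path[n] == '/');
}

/* Step 2: refuse a mount source that a user could have created in /dev/shm.
 * Both the literal path and, when it exists, its symlink-resolved form are
 * checked; a relative path, or one with ".." that cannot be resolved, is
 * rejected rather than guessed about. Returns 1 if acceptable, 0 if not. */
int source_is_acceptable(const char *src)
{
    char resolved[PATH_MAX];

    if (src[0] != '/')
        return 0;                         /* would resolve against the user's "." */
    if (under_world_writable_dev(src))
        return 0;
    if (realpath(src, resolved) != NULL)
        return !under_world_writable_dev(resolved);
    return !has_dotdot_component(src);    /* unresolvable: allow only plain paths */
}

/* Step 3: mount on ".", the directory verified in step 1, never on the
 * original path string. Needs CAP_SYS_ADMIN, so the test does not call it. */
int mount_on_cwd(const char *src, const char *fstype, unsigned long flags)
{
    if (!source_is_acceptable(src))
        return -1;
    return mount(src, ".", fstype, flags, NULL);
}

/* Creates a fresh directory owned by the calling user (for the demo only). */
const char *make_owned_tmpdir(void)
{
    static char path[] = "/tmp/mp-example-XXXXXX";
    strcpy(path, "/tmp/mp-example-XXXXXX");   /* mkdtemp overwrites the Xs */
    return mkdtemp(path);                     /* NULL on failure */
}

int main(void)
{
    const char *dir = make_owned_tmpdir();
    if (dir == NULL)
        return 1;
    if (enter_and_verify_mountpoint(dir, getuid()) != 0 ||
        !source_is_acceptable("/dev/sda1") || source_is_acceptable("/dev/shm/x")) {
        fputs("mount failed\n", stderr);      /* the only message a user sees */
        return 1;
    }
    puts("checks passed");
    return 0;
}
```

Once step 1 has succeeded the process never touches the mountpoint by name again: stat(".") and mount on "." both operate on the directory inode the process already sits in, which is what removes the window between check and use. The source check is deliberately string-based and conservative; a helper that also accepts pseudo-filesystem sources such as "tmpfs" would need a separate allow-list for those names.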