
Re: MiNT 1.11 BETA: bug in pipefs/shmfs/procfs



Andreas Schwab writes:

> The pipe and shm filesystems set the owner of the created files to the
> real id of the process, but denyaccess uses the effective id to test
> access rights. This means that a process with different real and
> effective ids cannot open the files it creates if the effective uid is
> not root. For example, ftpd runs with real uid 0 and sets the
> effective uid to the logged-in user, and Fpipe will fail to open the
> pipe it has just created. The same problem exists on the proc fs,
> where such a process could not open its own process file (not very
> likely to happen, though...)

Apparently, the same problem occurs in ramfs and minixfs. I don't think
there is any reason to use the real uid/gid for file creation, since it
is inconsistent with the access-checking scheme. All the Linux
filesystems use the effective uid/gid for file creation, and it makes
much more sense in my opinion.

So I would advise anyone who wants to avoid the "cannot delete lockfile"
syndrome to patch ramfs and minixfs as well.

(One possible caveat is: how does MiNT implement the BSD semantics of
setgid directories? If it temporarily changes the gid of the process
before calling the filesystem driver, it should rather change the
effective gid!)

Thierry.
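
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not MiNT source code. It is a simplified model: `struct proc`, `struct fnode`, `model_denyaccess` and the `create_*` helpers are hypothetical names, group checks are omitted, and the uid values are constructed.

```c
#include <stdio.h>

/* Simplified model, not MiNT source: all names here are hypothetical. */
struct proc  { int ruid, euid; };
struct fnode { int uid; unsigned mode; };   /* owner and rwx permission bits */

enum { ACC_R = 4, ACC_W = 2, ACC_X = 1 };

/* Access test keyed on the effective uid, as the thread says denyaccess does.
   Returns nonzero when access is denied. Group checks are omitted. */
static int model_denyaccess(const struct proc *p, const struct fnode *f, unsigned want)
{
    unsigned perm;
    if (p->euid == 0) return 0;                 /* root bypasses the check */
    perm = (p->euid == f->uid) ? (f->mode >> 6) & 7 : f->mode & 7;
    return (perm & want) != want;
}

/* Creation as reported for pipefs/shmfs: owner taken from the real uid. */
static struct fnode create_real(const struct proc *p, unsigned mode)
{
    struct fnode f = { p->ruid, mode };
    return f;
}

/* Creation as proposed in the thread: owner taken from the effective uid. */
static struct fnode create_effective(const struct proc *p, unsigned mode)
{
    struct fnode f = { p->euid, mode };
    return f;
}

/* Is the creator denied read/write on a file it has just created? */
static int creator_denied(const struct proc *p, int use_effective, unsigned mode)
{
    struct fnode f = use_effective ? create_effective(p, mode) : create_real(p, mode);
    return model_denyaccess(p, &f, ACC_R | ACC_W);
}

int main(void)
{
    struct proc ftpd = { 0, 1000 };  /* constructed: real uid 0, effective uid 1000 */
    printf("real-uid owner:      denied=%d\n", creator_denied(&ftpd, 0, 0600));
    printf("effective-uid owner: denied=%d\n", creator_denied(&ftpd, 1, 0600));
    return 0;
}
```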