Re: Some ostree observations
- From: Colin Walters <walters verbum org>
- To: Florian Weimer <fweimer redhat com>
- Cc: ostree-list <ostree-list gnome org>
- Subject: Re: Some ostree observations
- Date: Wed, 26 Feb 2014 21:36:46 +0000
On Tue, Feb 25, 2014 at 2:08 PM, Florian Weimer <fweimer redhat com> wrote:
> You could use lsetxattr and /proc/self/fd/%d/%s. It shows up as a symlink, but no symlink resolution is performed.

Oooh, clever. I had forgotten about the /proc/self trick. Done now!

> It will still be vulnerable to attacks based on hard links. As a result of your linking farms, I don't think you'll be able to defend against those.

How about keeping all directories owned by root:root and mode 0700 until they're fully populated, then doing the fchown/fchmod on the dirfd?
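
The two techniques discussed in this message, written out as an added example; this is not code from the thread or from ostree. The helper names set_xattr_at, sample_populate and stage_and_publish_dir are hypothetical, and it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

/* No lsetxattrat() exists, so name the entry via /proc/self/fd/<dirfd>/<name>:
 * the prefix lands on the already-open directory, and lsetxattr() does not
 * follow <name> itself if it is a symlink. Hypothetical helper name. */
int set_xattr_at(int dirfd, const char *name, const char *key,
                 const void *val, size_t len)
{
    char path[4096];
    if (!*name || strchr(name, '/') || !strcmp(name, "..")) { errno = EINVAL; return -1; }
    int n = snprintf(path, sizeof path, "/proc/self/fd/%d/%s", dirfd, name);
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    return lsetxattr(path, key, val, len, 0);
}

/* Constructed stand-in for real population: one subdirectory via the dirfd. */
int sample_populate(int dirfd) { return mkdirat(dirfd, "etc", 0755); }

/* Create parent_fd/name as 0700, fill it through its descriptor, and only
 * then apply the final owner and mode to that same descriptor.
 * Returns 0 on success, -1 on failure. Hypothetical helper name. */
int stage_and_publish_dir(int parent_fd, const char *name,
                          int (*populate)(int dirfd),
                          uid_t uid, gid_t gid, mode_t final_mode)
{
    struct stat st;
    int rc = -1;
    if (mkdirat(parent_fd, name, 0700) < 0)   /* EEXIST if already present */
        return -1;
    int fd = openat(parent_fd, name,
                    O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the descriptor is the private directory we just created. */
    if (fstat(fd, &st) == 0 && st.st_uid == geteuid()
        && (st.st_mode & 077) == 0
        && populate(fd) == 0
        && fchown(fd, uid, gid) == 0      /* final owner ... */
        && fchmod(fd, final_mode) == 0)   /* ... then final mode */
        rc = 0;
    close(fd);
    return rc;
}
```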