Re: Some ostree observations
- From: Florian Weimer <fweimer redhat com>
- To: Colin Walters <walters verbum org>
- Cc: ostree-list <ostree-list gnome org>
- Subject: Re: Some ostree observations
- Date: Thu, 27 Feb 2014 07:29:44 +0100
On 02/26/2014 10:36 PM, Colin Walters wrote:
It will still be vulnerable to attacks based on hard links. As a
result of your linking farms, I don't think you'll be able to defend
against those.
How about keeping all directories owned by root:root and mode 0700 until
they're fully populated, then doing the fchown/fchmod on the dirfd?
If you create all the directories from scratch, this is a good practice
to follow anyway and would address this issue as well.
--
Florian Weimer / Red Hat Product Security Team
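
The staging pattern discussed in this message (create the directory private at mode 0700, populate it, then fchown/fchmod on the dirfd), as an added example that is not part of the original e-mail or of ostree's code. The function name, the `payload` file and the scratch path are assumptions; when run as root the staged directory is root:root as in the thread, otherwise it is owned by the calling user.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `name` under parentfd as a private 0700 directory, populate it via
 * the directory fd, then publish owner and mode on that same fd.
 * Returns 0 on success, -1 on error. `name`/"payload" are hypothetical. */
int stage_and_publish(int parentfd, const char *name,
                      uid_t uid, gid_t gid, mode_t final_mode)
{
    static const char data[] = "constructed sample content\n";
    struct stat st;
    int fd = -1, rc = -1;
    /* mkdirat fails with EEXIST on a pre-planted entry: never adopt one. */
    if (mkdirat(parentfd, name, 0700) < 0)
        return -1;
    int dfd = openat(parentfd, name,
                     O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* Still a directory with no group/other access while we fill it. */
    if (fstat(dfd, &st) < 0 || !S_ISDIR(st.st_mode) || (st.st_mode & 077))
        goto out;
    /* Populate relative to dfd; O_EXCL|O_NOFOLLOW refuses existing names. */
    fd = openat(dfd, "payload",
                O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0 || write(fd, data, strlen(data)) != (ssize_t)strlen(data))
        goto out;
    /* Publish last, on the descriptor, so no path is re-resolved. */
    if (fchown(dfd, uid, gid) == 0 && fchmod(dfd, final_mode) == 0)
        rc = 0;
out:
    if (fd >= 0) close(fd);
    close(dfd);
    return rc;
}

int main(void)
{
    char tmpl[] = "/tmp/stage-demo-XXXXXX";   /* constructed scratch path */
    int pfd = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    int rc = pfd < 0 ? -1 : stage_and_publish(pfd, "tree", geteuid(), getegid(), 0755);
    printf("%s/tree: %s\n", tmpl, rc == 0 ? "published" : "failed");
    return rc == 0 ? 0 : 1;
}
```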