thread pool helpers
Gerald Carter
jerry at plainjoe.org
Thu Apr 30 14:56:37 GMT 2009
tridge at samba.org wrote:
> Hi Jerry,
>
>> Nope. Access checks are in user space.
>
> do you do anything to combat the race conditions? For example, a user
> might exploit a user space access check by doing this:
>
> while :; do
> ln -sf /etc/shadow /home/baduser/myfile.txt
> ln -sf /home/baduser/innocent.txt /home/baduser/myfile.txt
> done
>
> then try to access myfile.txt via SMB. If the access check happens
> while the file points at innocent.txt and the real open happens while
> pointing at /etc/shadow then the user will end up opening
> /etc/shadow. Implementing the above hack in C raises the chances of
> success as well.
>
> You can do inode number checks to combat this a bit, but that doesn't
> work for newly created files in sensitive locations.
Honestly, right now it doesn't. I'm still working on it.
But for a create disposition of FILE_OPEN, technically
you could open() and operate on the fd exclusively. So
right now this would be something like:

    fd = open()
    secdesc = GetSecurityDescriptor(fd)
    if (!RtlAccessCheck(token, secdesc)) {
        close(fd)
        return  /* access denied: do not save the closed fd */
    }
    SaveFdToFileHandle(fd)

Do you agree?
The create/overwrite is a little trickier. I'll have
to think about an answer for those cases more.
>> However, for platforms that could give me a per
>> thread setreuid(), I would look at using that.
>
> strangely enough, the Linux kernel can give you that,
> if you bypass glibc and use syscall() to change your euid.
Ahh...I thought this was considered a bug and disabled in
newer kernels. Sounds like I need to go back and read
up some more.
> Rusty is currently trying to build "libantithread" which
> tries to provide this functionality on top of fork().
>
> See http://ccan.ozlabs.org/info/antithread.html
Cool. Thanks for the link.
cheers, jerry
--
=====================================================================
http://git.plainjoe.org/ CODE
"What man is a man who does not make the world better?" --Balian
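Added example, not part of the original message and not Samba or Likewise code: the two orderings discussed above (check the path then open it, versus open once and check the object behind the fd), run against the same symlink swap made deterministic. Assumptions: policy_allows() is a hypothetical stand-in for RtlAccessCheck() that only tests the world-readable bit, swap_link() stands in for the ln -sf loop, and the files are constructed in a temp directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for RtlAccessCheck(token, secdesc): allow world-readable objects only. */
static int policy_allows(const struct stat *st) { return (st->st_mode & S_IROTH) != 0; }

/* The other side of the race: re-point myfile.txt at the secret file. */
static void swap_link(void) { unlink("myfile.txt"); if (symlink("secret", "myfile.txt")) abort(); }

/* Racy order: check the path, then open the path (two separate lookups). */
static int check_then_open(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !policy_allows(&st)) return -1;
    swap_link();                        /* link changes between check and open */
    return open(path, O_RDONLY);
}

/* Order from the reply: open once, then check the object behind the fd. */
static int open_then_check(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    swap_link();                        /* too late: fd already names one inode */
    if (fstat(fd, &st) != 0 || !policy_allows(&st)) { close(fd); return -1; }
    return fd;
}

static void make_file(const char *p, mode_t mode) {
    int fd = open(p, O_CREAT | O_WRONLY | O_TRUNC, 0600);
    if (fd < 0 || fchmod(fd, mode) != 0) abort();
    close(fd);
}

/* Constructed scenario in a fresh temp dir (left in /tmp); 1 if the fd returned is the secret. */
int opened_secret(int racy) {
    char dir[] = "/tmp/toctouXXXXXX";
    struct stat want, got;
    if (!mkdtemp(dir) || chdir(dir) != 0) abort();
    make_file("secret", 0600); make_file("innocent.txt", 0644);
    if (symlink("innocent.txt", "myfile.txt") != 0 || stat("secret", &want) != 0) abort();
    int fd = racy ? check_then_open("myfile.txt") : open_then_check("myfile.txt");
    if (fd < 0 || fstat(fd, &got) != 0) abort();
    close(fd);
    return got.st_ino == want.st_ino && got.st_dev == want.st_dev;
}
int main(void) { return !(opened_secret(1) == 1 && opened_secret(0) == 0); } /* exit 0 if as described */
```

This covers only the FILE_OPEN case from the message; the create/overwrite dispositions are not modelled.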