prelink should not mess with running executables
Sam Varshavchik
mrsam at courier-mta.com
Mon Jul 16 00:44:10 UTC 2012
Chris Adams writes:
> Once upon a time, Sam Varshavchik <mrsam at courier-mta.com> said:
> > A means for authenticating a filesystem domain socket's peer. Receive the
> > peer's credentials, then check /proc/pid/exe and /proc/self/exe. If they're
> > same, the daemon is talking to another instance of itself.
>
> Is there anything that actually does that and depends on the result?
> Such a check would be inherently racey.
The only race condition that exists in this situation, that I can see, is an
impostor making the filesystem domain connection, sending the credentials
under the original pid, forking, and having the original process exec the
process being impersonated.
Setting aside the likelihood of a successful exploit, the race is
preventable simply by requiring the peer to resend its credentials, after
validating the peer's pathname, and verifying that the pid did not change.
Don't panic.