Bad file access on the rise

Oron Peled oron at
Sat Jun 8 06:11:56 UTC 2013

On Friday 07 June 2013 18:55:46 Lennart Poettering wrote:
> > > On Fri, 07.06.13 12:09, Steve Grubb (sgrubb at wrote:
> > > > > > Maybe the uid can be encoded in the name so that wrong uid's are
> > > > > > skipped?
> User "simo" creates /dev/shm/1000/ even though 1000 is the UID of user
> "lennart". Lennart can never start PA again, ever. And can't do anything
> about it, because "simo" is in control, and /dev/shm is sticky.

Why the UID has to be encoded in the name?
 * The application can simply issue an lstat() before open() and skip
    files with wrong uid's.

 * Obviously, an attacker could try and trigger some race condition on
    the name, but than it's OK for the audit to shout about it.

What am I missing?

Oron Peled                                 Voice: +972-4-8228492
oron at        
You know, someone once told me that New York has more lawyers than people.
                                         -- Warren Buffett, Fortune, 1999

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the devel mailing list