[cap-talk] Reducing Ambient user authority in a Type Safe /Memory Safe OS.
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Wed Dec 30 14:56:30 PST 2009
Dominique Quatravaux wrote:
> On Fri, Dec 18, 2009 at 1:58 PM, Marcus Brinkmann <
> marcus.brinkmann at ruhr-uni-bochum.de> wrote:
>
>> Rob Meijer wrote:
>>> The process of creating an anonymous file to my knowledge still uses
>>> linking into a namespace that is vulnerable to race condition attacks.
>> It's only vulnerable if used incorrectly ever since O_EXCL was added, see
>> mkstemp(3).
>>
>
> O_EXCL doesn't work on NFS, which is one of the reasons mkstemp(3) exists in
> the first place.
I am not sure if NFS is relevant to this discussion or not, but according to
the Linux NFS FAQ it works on Linux 2.6.5 (http://nfs.sourceforge.net/).
Thanks,
Marcus
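
Added example, not part of the original message: a C sketch of the two points in the thread, that mkstemp(3) followed by unlink(2) yields a file with no name left in the namespace, and that open(2) with O_CREAT|O_EXCL refuses a pre-existing symlink at the chosen path instead of following it. The function names and the /tmp paths are assumptions made for illustration, and the code assumes a local POSIX filesystem (NFS behaviour, raised above, is not exercised).

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns an fd whose file has no remaining name, or -1 on error. */
int anon_tmpfile(void)
{
    char path[] = "/tmp/anon-XXXXXX";   /* constructed template */
    int fd = mkstemp(path);             /* picks a name, opens it with O_CREAT|O_EXCL */
    if (fd < 0)
        return -1;
    if (unlink(path) != 0) {            /* drop the name; the open fd keeps the inode */
        close(fd);
        return -1;
    }
    return fd;
}

/* Plants a symlink at a known path, then tries an exclusive create on it.
 * Returns the errno of the failed open (EEXIST expected), 0 if the open
 * succeeded, -1 on setup failure, -2 if the link target got created. */
int excl_open_on_planted_symlink(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* constructed scratch directory */
    char link_path[64], target[64];
    int err = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link_path, sizeof link_path, "%s/predictable", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return -1; }
    int fd = open(link_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd); else err = errno;
    int victim_created = (access(target, F_OK) == 0);
    unlink(target); unlink(link_path); rmdir(dir);
    return victim_created ? -2 : err;
}

int main(void)
{
    struct stat st;
    int fd = anon_tmpfile();
    if (fd < 0 || fstat(fd, &st) != 0) return 1;
    printf("anonymous fd=%d link count=%ld\n", fd, (long)st.st_nlink);
    printf("O_EXCL on planted symlink: errno=%d\n", excl_open_on_planted_symlink());
    return close(fd);
}
```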