Re: encapsulating directory operations

Subject : Re: encapsulating directory operations
From : 643-408-1753 (at) *nospam* kylheku.com (Kaz Kylheku)
Newsgroups : comp.lang.c
Date : 03. Jun 2025, 02:02:54
Organisation : A noiseless patient Spider
Message-ID : <20250602174720.211@kylheku.com>
References : 1 2 3 4 5 6 7 8 9 10
User-Agent : slrn/pre1.0.4-9 (Linux)
On 2025-06-02, Scott Lurndal <scott@slp53.sl.home> wrote:
> From the posix standard:
>
>   "The purpose of the fstatat() function is to obtain the status
>    of files in directories other than the current working directory
>    without exposure to race conditions. Any part of the path of a
>    file could be changed in parallel to a call to stat(), resulting
>    in unspecified behavior. By opening a file descriptor for the target
>    directory and using the fstatat() function it can be guaranteed that
>    the file for which status is returned is located relative to the desired directory."

The security guarantee you want is that when you follow some path
/a/b/c/d/.., that none of the path components "a", "b", "c", "d", ...
are under the control of an adversary. Adversary means any other user
who is not you or root. (If you are root, any other user, therefore).

If, say "c" is under the control of an adversary, then the adversary can
make it a symlink, so that "d" is then anything whatsoever in any
location whatsoever.

I've developed an experimental security library called safepath
which tries to validate a path for this kind of safety.

https://www.kylheku.com/cgit/safepath/about/

Caveat: note the lack of a test suite in this project!

It doesn't rely on these functions because it's not necessary.
If you know that /a/b/c is safe, then by induction you can proceed
to /a/b/c/d. For instance if you are root, and non-root is not able
to tamper with /a/b/c, then, generally speaking, there is no race
condition to worry about in making two accesses to c: one to check its
permissions and ownership, and another to traverse it.

--
TXR Programming Language: http://nongnu.org/txr
Cygnal: Cygwin Native Application Library: http://kylheku.com/cygnal
Mastodon: @Kazinator@mstdn.ca
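
The inductive check described in the post above, as an added example (not part of the original post and not safepath's code; `stat_is_trusted`, `check_prefix`, `check_path` and the `PATH_*` codes are hypothetical names). It assumes a deliberately strict policy: symlinks and sticky world-writable directories such as /tmp are reported as unsafe, and ACLs are ignored.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

enum { PATH_OK = 0, PATH_UNSAFE = 1, PATH_ERROR = -1 }; /* hypothetical codes */

/* Trusted means: owned by root or by `me`, and not writable by group or
   other, so no third user can rename, replace or relink what it holds. */
int stat_is_trusted(const struct stat *st, uid_t me)
{
    if (st->st_uid != 0 && st->st_uid != me)
        return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Check a single prefix. Symlinks are rejected outright here; a fuller
   checker would validate the link target by the same rules. */
static int check_prefix(const char *prefix, uid_t me)
{
    struct stat st;

    if (lstat(prefix, &st) != 0)
        return PATH_ERROR;
    if (S_ISLNK(st.st_mode) || !stat_is_trusted(&st, me))
        return PATH_UNSAFE;
    return PATH_OK;
}

/* Inductive walk over "/", "/a", "/a/b", ...: a prefix is examined only
   after every shorter prefix has passed, so the directory holding it is
   already known to be beyond other users' reach. */
int check_path(const char *path, uid_t me)
{
    char prefix[PATH_MAX];
    size_t len = strlen(path);
    int r;

    if (path[0] != '/' || len >= sizeof prefix)
        return PATH_ERROR;              /* absolute paths only */
    if ((r = check_prefix("/", me)) != PATH_OK)
        return r;
    for (size_t i = 1; i <= len; i++) {
        if ((i < len && path[i] != '/') || path[i - 1] == '/')
            continue;                   /* not at the end of a component */
        memcpy(prefix, path, i);
        prefix[i] = '\0';
        if ((r = check_prefix(prefix, me)) != PATH_OK)
            return r;
    }
    return PATH_OK;
}
```

Call `check_path(path, geteuid())` before opening a file on behalf of the current user; anything other than `PATH_OK` means some component could be swapped by another user.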
