Prev: [PATCH 1/6] block: Implement a blk_yield function to voluntarily give up the I/O scheduler.
Next: jbd[2]: enhance fsync performance when using CFQ
From: Frank Heckenbach on 2 Jul 2010 16:20
Using /proc/*/fd, you can get read/write access to a pipe that you
have read-only or write-only access to. The program below
demonstrates this. It reads and writes through the "0" fd.
Tested with 2.6.34, i686.

At first sight, it doesn't look too serious if a program can write
to its own readable pipe, or read from its writeable pipe, but
perhaps I'm just not creative enough to see an exploit. Also, I
don't know it it might affect other file types where it might be a
real problem. At least, it does seem to violate the permissions.

#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>

int main ()
{
char a, n[64];
int p[2], f, r;
pipe (p);
sprintf (n, "/proc/self/fd/%i", p[0]);
f = open (n, O_RDWR);
write (f, "x", 1);
r = read (f, &a, 1);
fprintf (stderr, "%i %c\n", r, a);
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [PATCH 1/6] block: Implement a blk_yield function to voluntarily give up the I/O scheduler.
Next: jbd[2]: enhance fsync performance when using CFQ