[plug] Kernel 2.4.10

Grahame Bowland grahame at ucs.uwa.edu.au
Tue Sep 25 12:57:21 WST 2001


On Tue, 2001-09-25 at 12:44, Christian wrote:
> On Tue, Sep 25, 2001 at 12:09:34PM +0800, Jason Nicholls wrote:
> > On Tue, Sep 25, 2001 at 11:07:25AM +0800, Simon Scott wrote:
>  
> > Well to make things a little clearer, the linux kernel is preemptive already,
> > ie: it will switch tasks when the scheduler sees fit ensuring all processes
> > get their fair share of CPU time. BUT when a process is in a system call it
> > cannot be preempted. This patch adds kernel preemption. From the patch site:
> 
> Does anyone know if the security implications of this have been
> considered?  For example, previously the open() system call was atomic
> so, if used with the O_EXCL option, this would be a safe way of creating
> a new temporary file without inadvertently truncating another file if
> subject to a symlink attack.  Now it would seem this may not be the case
> since it is possible for the open() call to be interrupted.  This opens
> up the possibility of the attacker being able to exploit this new race
> condition where previously there was none.

I think the idea is to allow preemption while maintaining the atomic
behaviour. If things aren't atomic then it /all/ breaks, not just
security. 2.4.x has a fine-grained locking model, presumably they're
doing locking to prevent races like the one you describe above. So it
doesn't matter if an open() syscall is interrupted as long as nothing
else touches that filesystem; writing to an audio device would not be a
problem.

-- 
Grahame Bowland, Network and Systems Administrator
University Communications Services, The University of Western Australia
Phone: +61 8 9380 1175
