* [9fans] serious bug in ramfs and code based on it
@ 2023-05-04 2:32 ibrahim via 9fans
0 siblings, 0 replies; only message in thread
From: ibrahim via 9fans @ 2023-05-04 2:32 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 1016 bytes --]
The classic implementation of ramfs and many other user fileservers based on it have a serious bug regarding the 9p protocol :
If you open a file for which you have Read/Execute Permission you are free to write to that file by sending Twrite requests.
*rwrite doesn't check if the file was opened for read, write or execute. *
A possible solution for this problem is enhancing the meaning of Fid.open from an indicator for open files to an indicator for open files and the mode they were opened :
0x80 ... file is open
0x40 ... opened for reading
0x20 ... opened for writing
0x10 ... opened for execution
While ramfs is regared as a toy program with minimal permission checking many user file servers around are based on this example like all the tools in tapefs.
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
[-- Attachment #2: Type: text/html, Size: 1732 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-05-04 2:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-04 2:32 [9fans] serious bug in ramfs and code based on it ibrahim via 9fans
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).