From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexander Viro To: 9fans@cse.psu.edu Subject: Re: [9fans] mv vs cp In-Reply-To: <20011008090053.Z28720@cackle.proxima.alt.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Date: Mon, 8 Oct 2001 03:28:30 -0400 Topicbox-Message-UUID: 01120286-eaca-11e9-9e20-41e7f4b1d025 On Mon, 8 Oct 2001, Lucio De Re wrote: > On Mon, Oct 08, 2001 at 04:49:43PM +1000, George Michaelson wrote: > > > > > Any time when attacker feels like that. System where nonprivileged users > > > can cause filesystem corruption is broken. Period. > > > > Umm yes, but Alexander, when was the last time you *saw* one of these? > > > It only needs to happen once. Code Red/NIMDA anyone? Now, now. It's nowhere near the nastiness of remote root compromise, but yes, "nobody will ever try to screw me" is exactly the attitude that made them possible. As for the original question - two weeks ago, when I had demonstrated the effect to a guy who claimed the OpenBSD kernel was "bulletproof". OTOH, in case of OpenBSD it's one of the mildest problems - there being able to do rfork(RFPROC) means being able to cause kernel panic (races between fstat()/close(), dup2()/close(), write()/close() - you name it).