Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <>
From: Greg A. Woods <>
List: tech-kern
Date: 11/20/2000 17:24:23
[ On Monday, November 20, 2000 at 12:14:38 (-0800), Greywolf wrote: ]
> Subject: Re: Addition to force open to open only regular files 
> Excuse me.  He *did* show you ACCESS.

Well excuse me too, but ACCESS in this context means reading and/or
writing of the *contents* of a file -- i.e. the protected data itself,
not its *attributes*.  Yes, I know it's touchy to use security-style
terms when speaking in a Unix filesystem context, but....

Furthermore, as we all know, the timestamp attributes of a file can be
(and except for some applications like CVS, always are) safely examined
and compared *without* the use of $TZ.

Note also that CVS in particular explicitly does not support being
executed as a set-ID program *and* it even rejects being run as root.

> # Sure if some idiot writes a shell script that trys to interpret the
> # timestamps as modified by TZ then they'll get in trouble.  But that
> # would be a really idiotic thing to do now, wouldn't it.
> If they had something that could read a protected file via TZ,
> that might not be so idiotic.

About the only way $TZ could be used to read a protected file would be
if there's either a bug in the timezone libraries, or if there's a way
that either /etc/localtime or the directories and files it should point
to can be compromised.

(Unlike $HOSTALIASES which explicitly allows the user to specify any
filename to be opened and read as a list of host aliases, and then
closed thus making it trivial to compromise the contents of a tape by
causing a spurious rewind at the wrong time and also potentially making
it possible to reveal the contents of any file accessible by the
effective-ID of a set-ID program.)

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>