Subject: Re: eliminating veriexec #ifdefs in vfs_vnops.c
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 12/30/2006 07:38:03
> but can't user a race and
> replace the path after validation?

yes, it's what i meant.

> say:
> 
> 	1. userland: open(/bin/ls)
> 	2. kernel: copies in path, '/bin/ls', veriexec check, passes
> 	3. userland: mv /tmp/evil /bin/ls
> 	4. kernel: second namei(), proceeds to open the file
> 
> classic toctou. ideas?

if it's a problem for you, you shouldn't do namei twice.
(unless you are going to introduce transactions for this. :-)

YAMAMOTO Takashi
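
The advice in this reply (validate the object you opened rather than looking the name up twice), as an added userland C example that is not part of the original message and is not NetBSD code. A string compare stands in for the veriexec fingerprint check, and every function name, path and file content here is constructed for illustration.

```c
#define _XOPEN_SOURCE 700                /* for pread() and mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TRUSTED "trusted\n"              /* constructed file content */
static char target[64], evil[64];        /* constructed sample paths */
/* Toy stand-in for the veriexec fingerprint check, done on an open file. */
int fd_is_trusted(int fd) {
    char buf[32] = {0};
    return fd >= 0 && pread(fd, buf, sizeof buf - 1, 0) > 0 && !strcmp(buf, TRUSTED);
}
void swap_in_evil(void) { rename(evil, target); }   /* step 3: mv evil over target */
/* Two lookups: validate by name, then open by name again. */
int open_two_lookups(const char *p, void (*race)(void)) {
    int fd = open(p, O_RDONLY);          /* lookup 1: validate */
    int ok = fd_is_trusted(fd);
    if (fd >= 0) close(fd);
    if (!ok) return -1;
    race();                              /* window between the lookups */
    return open(p, O_RDONLY);            /* lookup 2: use */
}
/* One lookup: open by name once, then validate the opened object. */
int open_one_lookup(const char *p, void (*race)(void)) {
    int fd = open(p, O_RDONLY);          /* the only lookup */
    race();                              /* a rename cannot retarget fd */
    if (fd_is_trusted(fd)) return fd;
    if (fd >= 0) close(fd);
    return -1;
}
/* Writes the constructed sample files into a fresh private directory. */
int setup_files(void) {
    char dir[] = "/tmp/toctouXXXXXX";
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/ls", dir);
    snprintf(evil, sizeof evil, "%s/evil", dir);
    if ((f = fopen(target, "w"))) { fputs(TRUSTED, f); fclose(f); }
    if ((f = fopen(evil, "w"))) { fputs("replaced\n", f); fclose(f); }
    return 0;
}
int main(void) {
    setup_files();
    printf("two lookups: trusted=%d\n", fd_is_trusted(open_two_lookups(target, swap_in_evil)));
    setup_files();
    printf("one lookup:  trusted=%d\n", fd_is_trusted(open_one_lookup(target, swap_in_evil)));
    return 0;
}
```

The `race` callback runs the rename at a fixed point so the outcome is deterministic; in the real race the rename comes from another process and only sometimes lands inside the window.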