[patch] add modes to open call of ismounted
Rob Landley
rob at landley.net
Sun Jul 30 12:28:13 PDT 2006
On Friday 28 July 2006 11:04 pm, Rich Felker wrote:
> BTW, I accept in general your principle of not fixing stuff unless it
> actually has practical problems, as opposed to just theoretical
> correctness issues. BUT... security is _not_ a place you can apply
> that principle. A potential vuln _is_ exploitable unless you can
> _prove_ otherwise. To treat it any other way is utterly irresponsible.
I am fixing it, by removing the current entire contents of the e2fsprogs
directory. (I finally read up enough on e2fsck that I think I can clean up
that one too. There's an old paper on the subject that gives the design
pretty clearly.) The only question was whether it was worth patching -stable
in the meantime.
And yes, "the suid bit" is a valid objection. Not something an attacker can
trigger except by luck, but still valid.
Rob
--
Never bet against the cheap plastic solution.