From: William ML Leslie
Subject: Re: [VULN 4/4] Process auth man-in-the-middle
Date: Fri, 5 Nov 2021 21:45:24 +1100

William ML Leslie, on Fri 05 Nov 2021 21:18:50 +1100, wrote:
> > which makes the root filesystem reauthenticate all of the
> > process's file descriptors.
> It seems to eliminate a rather convenient method of delegation; a
> process opening a descriptor, forking and executing a child, and
> dropping privileges, while retaining access to that one resource.
Reauthenticating doesn't mean closing. File permissions for open are
checked at the open step, not later on. But then there are other things
than just opening a file, such as starting a translator, which we don't
necessarily want to let the unprivileged-with-one-opened-file do.
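
The point that open permissions are checked at the open step, shown with plain POSIX calls as an added example that is not part of the original message or of the Hurd code. It does not model Hurd reauthentication; the function name, struct and temp-file path are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct open_check {
    int read_ok;      /* 1 if the already-open descriptor still reads the data */
    int reopen_errno; /* errno of a fresh open() after chmod 000, 0 if it succeeded */
};

/* Open a constructed temp file, clear every permission bit, then compare
 * the existing descriptor with a fresh open() of the same path. */
struct open_check fd_survives_permission_change(void)
{
    struct open_check r = { 0, 0 };
    char path[] = "/tmp/open-check-XXXXXX";   /* constructed sample file */
    const char msg[] = "secret";
    char buf[sizeof msg] = { 0 };
    int fd = mkstemp(path);                   /* created mode 0600, opened O_RDWR */
    if (fd < 0)
        return r;
    if (write(fd, msg, sizeof msg) == (ssize_t)sizeof msg && chmod(path, 0) == 0) {
        /* Existing descriptor: access was decided when it was opened. */
        if (lseek(fd, 0, SEEK_SET) == 0 &&
            read(fd, buf, sizeof buf) == (ssize_t)sizeof buf &&
            memcmp(buf, msg, sizeof msg) == 0)
            r.read_ok = 1;
        /* Fresh open: the permission check runs again, now against mode 000.
         * It fails with EACCES unless the caller bypasses file modes (root). */
        int fd2 = open(path, O_RDONLY);
        if (fd2 < 0) r.reopen_errno = errno; else close(fd2);
    }
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct open_check r = fd_survives_permission_change();
    printf("read via old fd: %s, fresh open errno: %d\n",
           r.read_ok ? "ok" : "failed", r.reopen_errno);
    return r.read_ok ? 0 : 1;
}
```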