KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Eliminate races opening `/dev/SOMEDEVICE` #194

Closed DemiMarie closed 2 years ago

DemiMarie commented 2 years ago

Right now, it is impossible to safely operate on a block or character device without a post-open check that it is the intended one. Lots of userspace software does not do such checks and so is subject to race conditions that can lead to it operating on the wrong device. A much better approach is to ensure that device names under /dev are not reused. If this is not possible for compatibility reasons, it would be better to have separate directories under /dev that have device nodes with names that are never reused. Userspace changes to these nodes should be limited to chmod() and friends. Unlinking them must never fail.
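A sketch of the post-open check mentioned in the comment above, added here as an illustration; it is not code from the issue or from the kernel tree. The helper name `open_verified_device` is hypothetical, and the expected device number is assumed to come from a source the caller already trusts.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <unistd.h>

/* Open path, then verify on the descriptor itself (fstat, not stat on the
 * name) that it is a device node of the expected type and device number.
 * want_type is S_IFBLK or S_IFCHR; want_rdev is an assumption supplied by
 * the caller. Returns an fd, or -1 if the open fails or anything mismatches. */
int open_verified_device(const char *path, mode_t want_type, dev_t want_rdev)
{
    /* O_NONBLOCK: do not hang inside open(); O_NOCTTY: never acquire a tty. */
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NONBLOCK);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 ||
        (st.st_mode & S_IFMT) != want_type ||   /* block vs. char vs. other */
        st.st_rdev != want_rdev) {              /* major:minor of the node  */
        close(fd);
        return -1;
    }
    /* From here on the caller uses only fd, never the path again. */
    return fd;
}

int main(void)
{
    /* Constructed sample: /dev/null is character device 1:3 on Linux. */
    int fd = open_verified_device("/dev/null", S_IFCHR, makedev(1, 3));
    printf("/dev/null as char 1:3:  %s\n", fd >= 0 ? "verified" : "rejected");
    if (fd >= 0)
        close(fd);

    /* Same node, wrong expected type: must be rejected. */
    fd = open_verified_device("/dev/null", S_IFBLK, makedev(1, 3));
    printf("/dev/null as block 1:3: %s\n", fd >= 0 ? "verified" : "rejected");
    if (fd >= 0)
        close(fd);
    return 0;
}
```

The check runs on the open descriptor, so a later rename or replacement of the path does not affect what was verified.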

DemiMarie commented 2 years ago

This might be out of scope for KSPP, as it is more about how the kernel can protect userspace rather than protecting itself. If so, feel free to close it.