This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: RFC: Too many race conditions.

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Andrew Haley <aph-gcc at littlepinkcloud dot COM>
Cc: David Daney <ddaney at avtrex dot com>, java at gcc dot gnu dot org
Date: Sun, 20 May 2007 22:02:48 +0200
Subject: Re: RFC: Too many race conditions.
References: <464F3346.6040700@avtrex.com> <18000.10787.898597.868050@zebedee.pink>

* Andrew Haley:

> Hmm.  This depends, does it not, on the fact that a blocking call does
> not return when a file descriptor is closed?  This sounds to me like a
> bug in the kernel,

I think the fundamental issue is that the object associated with the
descriptor might change before the system call is even issued.

> Is this an exploitable security hole?  I suppose it is.

Yes, that is my hunch as well.  Which means that it needs to be fixed
if you ever want to support mobile code.

Follow-Ups:
- Re: RFC: Too many race conditions.
  - From: mark

References:
- RFC: Too many race conditions.
  - From: David Daney
- Re: RFC: Too many race conditions.
  - From: Andrew Haley

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]