Bug 145264 - /var/lock has wrong permissions
Summary: /var/lock has wrong permissions
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: lockdev
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Karel Zak
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-16 06:28 UTC by Jonathan Scott Duff
Modified: 2007-11-30 22:10 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2005-09-08 10:34:31 UTC


Attachments (Terms of Use)

Description Jonathan Scott Duff 2005-01-16 06:28:16 UTC
Description of problem:

The /var/lock directory created by the lockdev RPM has permissions
that allow multiple users to attempt access to the same device.  

This is how I found the problem: 
1. login as user A, run minicom modem
2. login as user B on the same machine but on a different terminal,
run minicom modem
  
Any device will do however.

Actual results:

Both user A and user B have access to the modem device in a
competitive sort of way

Expected results:

User B should be denied access. minicom modem for user B should return
"operation not permitted"

Additional info:

I'm not quite sure of my diagnosis, but I do know that when I changed
the permissions of /var/lock to 1775 rather than 0775, the problem
went away.

Comment 1 Karel Zak 2005-02-18 14:05:05 UTC
The directory /var/lock is write-able for root and group 'lock'. Everyone who
can work with locks need to access to locks created by other processes and
users. You need to remove foreign lock if the original process doesn't exist.

- process A create lock
- process A crash and the lock file is still there
- process B detect that there is lock, but owner of lock doesn't running
- process B remove old lock and creates new one with own PID

See: http://www.pathname.com/fhs/pub/fhs-2.3.html


Note You need to log in before you can comment on or make changes to this bug.