Tony Finch <dot@xxxxxxxx> wrote: > Attacker opens [directory] and waits. ... > Attacker uses openat() to open and modify the "private" file. Surely if the permissions do not allow lookup then openat() will fail. [The attacker opened directory when it was searcheable; then permissions were closed; then attacker attempts openat().] Surely directory contents are not cached??!! Cheers, Paul Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
