On Mon, 26 Oct 2009, Matthew Dempsky wrote: > On Mon, Oct 26, 2009 at 9:01 AM, Tony Finch <dot@xxxxxxxx> wrote: > > > > Attacker uses openat() to open and modify the "private" file. > > At least with Linux 2.6.18, you still need +x permission on the > directory to access its contents using openat(2). According to POSIX, if you open the directory with O_SEARCH then openat() does not re-check search (+x) permissions. Tony. -- f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
