Hi! > >That race is easily fixed. > > No, you're not right. > > > After chmodding the directory to 0700, *first* > >check the link count, *then* chmod the file to 0666: > > > > User1 creates file with permissions 0644 > > User2 opens file for read access on file descriptor 4 > > User1 chmod's directory to 0700 > > User1 verifies no hard links to file > > Here's a window, during which User2 is able to create a hardlink and > that will remain unnoticed by User1. There's no way to perform link > check and conditionally do chmod in an atomic manner. 0700 on directory prevents hardlink creation, see? pavel@amd:/tmp$ mkdir my_dir pavel@amd:/tmp$ cd my_dir/ pavel@amd:/tmp/my_dir$ ls pavel@amd:/tmp/my_dir$ > foo pavel@amd:/tmp/my_dir$ chmod 700 . pavel@amd:/tmp/my_dir$ su guest Password: guest@amd:/tmp/my_dir$ ln foo /tmp/bar ln: accessing `foo': Permission denied guest@amd:/tmp/my_dir$ You need x bit on directory to look up foo. > >Excluding the /proc route, at no point during this sequence, User2 could > >have opened the file for writing. Therefore, User1 expects (justified, > >imo) that User2 cannot write to the file. The writability of /proc/$$/fd/4 > >violates this expectation. > > > Again, you're not right. See above. No, he's right, see above. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html