On Mon 14-04-08 12:22:02, Lennart Sorensen wrote: > On Mon, Apr 14, 2008 at 06:20:31PM +0200, Jan Kara wrote: > > Well, as Jiri Kosina wrote, this isn't a problem unless someone finds > > a way how to use this race for some attack (and for example making f_pos > > negative compromises security so it is not so far-fetched as it would > > seem). So proactively fixing this makes some sence. > > But you would have to be part of that process to affect the filehandle > wouldn't you? If you are part of the process already wouldn't it be > easier to manipulate things directly rather than playing with the > filehandle position? Well, but imagine you have a file /proc/my_secret_file from which you are able to read from position A:a and B:b but not from position A:b. Concievably, checks for the file position could be bypassed because of this race... I know this is kind of dumb example but I can imagine someone can eventually find something like this. So I guess one spin lock/unlock pair is a price worth paying in the callpath which is quite long anyway. Honza -- Jan Kara <jack@xxxxxxx> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
