Re: [PATCH v4 2/5] pid: Add PIDFD_IOCTL_GETFD to fetch file descriptors from processes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Dec 18, 2019 at 3:55 PM Sargun Dhillon <sargun@xxxxxxxxx> wrote:
>
> +
> +       if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
> +               file = ERR_PTR(-EPERM);
> +               goto out;
> +       }

I don't think this is MODE_READ.  By copying an fd from the task, you
can easily change its state.

IMO it would be really nice if pidfd could act more like a capability
here and carry a ptrace mode, for example.  But I guess it doesn't
right now.


--Andy
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux