First off - an odd technicality: you can already read write-only files
by simply mmap'ing them, because on many architectures PROT_WRITE ends
up implying PROT_READ too.
So you should basically expect that "I have permissions to write to
the file" automatically means that you can read it too.
People simply do that "open for writing, mmap to change it" and expect
it to work - not realizing that that means you have to be able to read
it too.
Thank you for the explanation. Unfortunately I was not able to reproduce
this. I do understand that being able to write to memory without being
able to read from it cannot be implemented because of hardware
limitations on many architectures.
However, using a write-only fd in a call to mmap() in the first place
already consistently fails for me. According to the man pages this is
actually intended behavior. "Errors: EACCES: [... If] a file mapping
was requested, but fd is not open for reading."
Therefore I do not see how it is possible to read out data without a
readable fd, since no mapping can be created without read permissions. I
assumed readability not being a subset of writability for files was the
exact reason for this limitation on the fd in mmap(). Am I missing
something here?
But
- if (!inode_permission(mnt_userns, inode, MAY_WRITE))
+ if (!inode_permission(mnt_userns, inode, MAY_READ | MAY_WRITE))
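Review bot: on the `+` line the added MAY_READ is tested through inode_permission(), which is evaluated against the inode for the calling task, while whether the file's contents can be read here depends on how the descriptor was opened. A test on the open file's mode would express that directly, and the changed condition has no comment explaining why read access is now required in addition to MAY_WRITE.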
looks wrong.
Note that readability is about the file *descriptor*, not the inode.
Because the file descriptor may have been opened by somebody who had
permission to read the file even for a write-only file.
I do agree. At least it did not look typical to me. The idea for the
patch was simply to have the smallest possible change for this specific
issue.
Best regards,
Ansgar
--
M.Sc. Ansgar Lößer
Fachgebiet Kommunikationsnetze
Fachbereich für Elektrotechnik und Informationstechnik
Technische Universität Darmstadt
Rundeturmstraße 10
64283 Darmstadt
E-Mail: ansgar.loesser@xxxxxxxxxxxxxxxxxxx
http://www.kom.tu-darmstadt.de
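
An added example, not part of the original message or of the kernel patch: a C program that checks, on Linux, which descriptor access modes mmap() accepts for a shared mapping of a file whose mode bits (0600) allow both reading and writing. The helper name `map_errno`, the scratch path and the 4096-byte length are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAP_LEN 4096

/* Hypothetical helper: create a scratch file (mode 0600, so the inode allows
 * read and write), reopen it with `oflags`, and request a MAP_SHARED mapping
 * with protection `prot`. Returns 0 if the mapping was created, otherwise the
 * errno reported by the failing call. */
static int map_errno(int oflags, int prot)
{
    char path[] = "/tmp/mmap-fd-mode-XXXXXX";   /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0)
        return errno;
    int err = ftruncate(fd, MAP_LEN) ? errno : 0;
    close(fd);
    if (!err) {
        fd = open(path, oflags);                /* descriptor under test */
        if (fd < 0) {
            err = errno;
        } else {
            void *p = mmap(NULL, MAP_LEN, prot, MAP_SHARED, fd, 0);
            if (p == MAP_FAILED)
                err = errno;                    /* capture before cleanup */
            else
                munmap(p, MAP_LEN);
            close(fd);
        }
    }
    unlink(path);
    return err;
}

int main(void)
{
    printf("O_WRONLY + PROT_WRITE: %s\n", strerror(map_errno(O_WRONLY, PROT_WRITE)));
    printf("O_RDWR   + PROT_WRITE: %s\n", strerror(map_errno(O_RDWR, PROT_WRITE)));
    printf("O_RDONLY + PROT_WRITE: %s\n", strerror(map_errno(O_RDONLY, PROT_WRITE)));
    printf("O_RDONLY + PROT_READ : %s\n", strerror(map_errno(O_RDONLY, PROT_READ)));
    return 0;
}
```

The file's permission bits are identical in all four cases; only the access mode of the descriptor passed to mmap() changes.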