On Mon 2009-09-28 18:04:10, Miklos Szeredi wrote: > On Mon, 28 Sep 2009, Andreas Dilger wrote: > > On Sep 28, 2009 12:25 +0200, Miklos Szeredi wrote: > > > BTW I just checked, and it is possible to re-open or promote an fd > > > opened with O_NODE like this: > > > > > > char tmp[64]; > > > > > > fd = open(filename, O_NODE | O_NOACCESS); > > > /* ... */ > > > sprintf(tmp, "/proc/self/fd/%i", fd); > > > fd_rw = open(tmp, O_RDWR); > > > > > > Now fd_rw is guaranteed to refer to the same inode as fd. > > > > It seems very unpleasant to require applications using O_NODE to > > reopen files using /proc. > > The point of the above example was that reopening a file descriptor > with upgraded (or downgraded) access mode is even now possible. Which > either means: > > a) the current permission model under /proc/PID/fd has a security > hole (which Jamie is worried about) I believe its bugtraq time. Being able to reopen file with additional permissions looks like a security problem... Jamie, do you have some test script? And do you want your 15 minutes of bugtraq fame? ;-). Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
