On Monday 28 September 2009 18:04:10 Miklos Szeredi wrote: > The point of the above example was that reopening a file descriptor > with upgraded (or downgraded) access mode is even now possible. Which > either means: > > a) the current permission model under /proc/PID/fd has a security > hole (which Jamie is worried about) No worries -- access to /proc/PID/fd/* requires ptrace access to PID, so we do not have a security hole here. The ptrace checks were introduced here: 778c1144771f0064b6f51bee865cceb0d996f2f9 df26c40e567356caeefe2861311e19c54444d917 Cheers, Andreas -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
