On Fri, Aug 16, 2024 at 06:19:25PM +0100, Al Viro wrote: > On Fri, Aug 16, 2024 at 09:26:45AM -0700, Linus Torvalds wrote: > > On Thu, 15 Aug 2024 at 20:03, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > > > > > It *can* actually happen - all it takes is close_range(2) decision > > > to trim the copied descriptor table made before the first dup2() > > > and actual copying done after both dup2() are done. > > > > I think this is fine. It's one of those "if user threads have no > > serialization, they get what they get" situations. > > As it is, unshare(CLOSE_FILES) gives you a state that might be possible CLONE_FILES, that is.