On Tue, 24 Nov 2009, Pavel Machek wrote: > I believe that current semantics is ugly enough that 'documenting' it > is not enough... and people want to port from other systems, too, not > expecting nasty surprises like this... This hasn't been a problem for the last 12 years, and still we don't see script kiddies exploiting this hole and sysadmins hurrying to secure their system, even though it has been public for quite a while. Why? The reason might be, that there *is no* violation of security. See this: the surprise isn't that an inode can be reached from multiple paths, that has been possible with hard links for as long as unix lived. The suprise is that the inode can be reached through proc. So this "hole" that has been opened about 12 years ago in linux is quite well known. Only this particular aspect of it isn't well known, but that doesn't mean it's not right, does it? Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
