Hi!

> >
> > > This one behaves similarly to the /proc/<pid>/fd/ one - it contains symlinks
> > > one for each mapping with file, the name of a symlink is "vma->vm_start-vma->vm_end",
> > > the target is the file. Opening a symlink results in a file that points exactly
> > > to the same inode as the vma's one.
> >
> > We should fully work through Pavel Machek's comments, please. For some
> > reason I'm a bit paranoid about security lately :(
>
> Pavel, I'm somehow lost. What exactly is the security issue here? There are a few
> patches from Vasiliy in -mm queue at the moment. In particular one includes
> .permission set for fd/ handling. So I've updated the map_files as well
> (it's below). So please review and point me where the problem
> is. Thanks!

AFAICT, this recreates the existing problem with /proc/<pid>/fd (see
discussion at
http://www.securityfocus.com/archive/1/507386/30/0/threaded ). It
creates an object that looks like a symlink, but does not behave as one, and
permissions of directories are not checked as they would be if it was
a symlink.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
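
The following is an added example, not part of the thread or of the patch under discussion. It shows the existing /proc/<pid>/fd behaviour the reply refers to: the entry reports a path like a symlink, but opening it reaches the open file's inode without walking that path, so directories along the path play no part in the lookup. The temporary file name and the function name are constructed for the illustration; it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if the /proc/self/fd entry of an unlinked file still opens even
 * though the path reported by readlink() no longer exists, 0 if it behaves
 * like an ordinary symlink, -1 if the setup failed. */
int fd_link_is_not_plain_symlink(void)
{
    char tmpl[] = "/tmp/fdlink-demo-XXXXXX";  /* constructed sample file */
    char link[64], target[4096], buf[8] = {0};
    int result = -1, by_text, by_link;
    ssize_t n;

    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    if (write(fd, "sample", 6) != 6 || unlink(tmpl) != 0)
        goto out;

    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    n = readlink(link, target, sizeof target - 1);
    if (n < 0)
        goto out;
    target[n] = '\0';  /* e.g. "/tmp/fdlink-demo-abc123 (deleted)" */

    /* An ordinary symlink with this text would dangle: the path is gone. */
    by_text = open(target, O_RDONLY);
    if (by_text >= 0) { close(by_text); result = 0; goto out; }

    /* Opening the /proc entry goes to the inode, not through the path. */
    by_link = open(link, O_RDONLY);
    if (by_link < 0) { result = 0; goto out; }
    result = read(by_link, buf, 6) == 6 && memcmp(buf, "sample", 6) == 0;
    close(by_link);
out:
    close(fd);
    return result;
}

int main(void)
{
    printf("not a plain symlink: %d\n", fd_link_is_not_plain_symlink());
    return 0;
}
```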