> No, I mean something else. Assume you have a task, which does the
> steps:
>
> 1) opens some sensitive file as root. This file is e.g. 0700.
>
> 2) mmaps the file via opened fd, either RO or RW.
>
> 3) closes fd.
>
> 4) drops root.
>
> Now it has a mapping of a privileged file, but cannot get fd of it
> anyhow. With map_files/ he may open his own /proc/$$/map_files/, pass
> ptrace() check, and get fd of the privileged file. He cannot explicitly
> open it as it is 0700, but he may open it via map_files/ and get RO/RW
> fd.
>

What is the problem here - the fact that we have some file considered to be
private be open-able by somebody else, or the fact that we can truncate the
file being mapped?

If the first issue stands, then it also stands for /proc/pid/fd and thus we
don't introduce the new problem. If the second, then it's not a problem as
mm can handle this already.

Thanks,
Pavel
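An added example, not part of the thread: an audit helper that finds the state the quoted steps leave behind, a file-backed mapping that no open fd refers to any more, and prints the name that mapping has under /proc/<pid>/map_files/. The `find_orphans` helper and the maps and fd data are constructed for illustration; on a live system they would be read from /proc/<pid>/maps and the readlink() targets in /proc/<pid>/fd/.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of /proc/<pid>/maps: secret.key was mapped, then its fd closed. */
static const char SAMPLE_MAPS[] =
    "55d0c0a00000-55d0c0a0b000 r-xp 00000000 08:01 1311 /usr/bin/demo\n"
    "7f3a10000000-7f3a10001000 rw-s 00000000 08:01 2622 /etc/demo/secret.key\n"
    "7f3a10400000-7f3a10402000 r--s 00000000 08:01 2700 /var/log/demo.log\n"
    "7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]\n";
/* Constructed sample of the readlink() targets under /proc/<pid>/fd/. */
static const char *SAMPLE_FDS[] = { "/dev/pts/0", "/var/log/demo.log" };

struct orphan { char entry[40]; char path[256]; int shared_writable; };

/* Collect file-backed mappings whose path is not held open by any fd.
 * entry is the "<start>-<end>" name of the mapping in map_files/. */
static int find_orphans(const char *maps, const char **fds, int nfds,
                        struct orphan *out, int max)
{
    int n = 0;
    while (*maps && n < max) {
        unsigned long start, end, inode;
        char perms[5], path[256];
        const char *eol = strchr(maps, '\n');
        int got = sscanf(maps, "%lx-%lx %4s %*s %*s %lu%*[ ]%255[^\n]",
                         &start, &end, perms, &inode, path);
        maps = eol ? eol + 1 : maps + strlen(maps);
        if (got < 5 || inode == 0 || path[0] != '/')
            continue;                       /* anonymous, [stack], ... */
        int i = 0;
        while (i < nfds && strcmp(fds[i], path) != 0)
            i++;
        if (i < nfds)
            continue;                       /* an fd still refers to it */
        snprintf(out[n].entry, sizeof out[n].entry, "%lx-%lx", start, end);
        snprintf(out[n].path, sizeof out[n].path, "%s", path);
        out[n].shared_writable = (perms[1] == 'w' && perms[3] == 's');
        n++;
    }
    return n;
}

int main(void)
{
    struct orphan o[8];
    int n = find_orphans(SAMPLE_MAPS, SAMPLE_FDS, 2, o, 8);
    for (int i = 0; i < n; i++)
        printf("map_files/%s -> %s%s\n", o[i].entry, o[i].path,
               o[i].shared_writable ? " (shared, writable)" : "");
    return 0;
}
```

The executable and its libraries show up in the result as well, since they are mapped without an fd in every process; the entries worth reviewing are the ones the task's current credentials could not open by path.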