Hi!

> On Mon, Apr 21, 2014 at 6:22 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> > This patch does this:
>
> I can see _what_ the patch does, but your patch lacks any discussion
> _why_ it is needed. Can you provide at least one real example where
> this fixes a security issue?

Such as here?

http://www.securityfocus.com/archive/1/507386

> > This may break userspace. If so, I would guess that anything broken
> > by it is either an actual exploit or is so broken that it doesn't
> > deserve to continue working. If it breaks something important, then
> > maybe it will need a sysctl.
>
> This patch breaks the following use-case:
>
> fd = open("/run", O_RDWR | O_TMPFILE);
> sprintf(path, "/proc/self/fd/%d", fd);
> fd2 = open(buf, O_RDONLY);

You meant open(path, ) here?

> sprintf(path, "/proc/self/fd/%d", fd2);
> linkat(AT_FDCWD, path, AT_FDCWD, "/run/some_lock_file", AT_FOLLOW_SYMLINK);
>
> I mean I explicitly create the object as _writable_ but then keep a
> read-only descriptor for debugging purposes (to make sure that the
> program no longer writes to the file). This is no security feature,
> but only a safety feature in case something goes wrong. But I still
> want to be able to create hard-links (I _do_ have write-permissions on
> the object/inode).

Does some real code do it? I believe this deserves to be broken -- you
explicitly opened that read-only...

Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html