Hi On Tue, Apr 22, 2014 at 5:24 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > On Tue, Apr 22, 2014 at 8:19 AM, David Herrmann <dh.herrmann@xxxxxxxxx> wrote: >> In other words, the bug you describe is that /proc/pid/fd/ allows >> access to objects without a reachable path to the only _real_ >> filesystem link. But isn't the same true for openat()? > > I don't think so. openat doesn't work on fds for things that aren't > directories. Sorry, I wasn't precise enough: I meant the same 'leak' occurs if you keep a dir-fd on the directory in question _before_ it is set to 0600. Just like the example race keeps a file-fd to the file in question. So after the directory is set to 0600 you can use that dir-fd via openat() to avoid the whole path-lookup just like you do it via /proc. Thanks David -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
