On Sat, Jul 24, 2010 at 08:07:01PM +0400, Vasiliy Kulikov wrote:
> Hi,
>
> I've found that some drivers check process capabilities via capable() in
> open(), not in ioctl()/write()/etc.
>
> I cannot find an answer in POSIX, but IMO a process expects that file
> descriptors of a privileged user and file descriptors of the same
> file/device are the same in the privilege aspect. A driver should deny/allow
> open() and deny/allow ioctl() based on user privileges. The path by which
> the process gained this fd doesn't matter.
>
> So I think these 2 examples should be equal:
>
> 1) root process opened the file and then dropped its privileges
>
> 2) nonroot process opened the file

They most certainly should _not_. Consider the following mechanism:

process A authenticates itself to process B
B is convinced to open a file that wouldn't be readable for A.
B passes descriptor to A.
A reads from it.

You are breaking that.
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
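The mechanism the reply describes, as an added C example (not code from the thread or from the kernel): B opens a file and hands the descriptor to A over a UNIX socketpair with SCM_RIGHTS, and A then reads through a descriptor it never opened, because the kernel's access checks ran at B's open() and are not repeated at read(). Both ends live in one process here and the file is a constructed tmpfile(), so it runs unprivileged; the struct and function names are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* msghdr plus room for exactly one SCM_RIGHTS control message carrying one fd. */
struct fdmsg { union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(int))]; } u;
               struct msghdr msg; struct iovec iov; char byte; };

static struct cmsghdr *fdmsg_init(struct fdmsg *m)
{
    memset(m, 0, sizeof *m);
    m->iov = (struct iovec){ .iov_base = &m->byte, .iov_len = 1 }; /* one data byte must ride along */
    m->msg.msg_iov = &m->iov; m->msg.msg_iovlen = 1;
    m->msg.msg_control = m->u.b; m->msg.msg_controllen = sizeof m->u.b;
    return CMSG_FIRSTHDR(&m->msg);
}

static int send_fd(int sock, int fd)   /* B: hand an already-open descriptor to the peer */
{
    struct fdmsg m; struct cmsghdr *c = fdmsg_init(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &m.msg, 0) == 1 ? 0 : -1;
}

static int recv_fd(int sock)   /* A: the kernel installs a new fd sharing B's open file description */
{
    struct fdmsg m; struct cmsghdr *c = fdmsg_init(&m); int fd;
    if (recvmsg(sock, &m.msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&m.msg))) return -1;
    if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Constructed demo: B creates and opens a temp file (the only point where open()-time
 * checks run) and passes it; A reads "secret" through the passed fd. Returns 1 on success. */
int fd_passing_demo(void)
{
    char buf[8] = {0};
    int sv[2], fd, got, ok = 0;
    FILE *f = tmpfile();                           /* B's file, removed automatically at fclose */
    if (!f || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { if (f) fclose(f); return 0; }
    if (fwrite("secret", 1, 6, f) == 6 && fflush(f) == 0 && fseek(f, 0, SEEK_SET) == 0
        && (fd = fileno(f)) >= 0 && send_fd(sv[0], fd) == 0 && (got = recv_fd(sv[1])) >= 0) {
        ok = read(got, buf, 6) == 6 && memcmp(buf, "secret", 6) == 0;   /* A never opened it */
        close(got);
    }
    fclose(f); close(sv[0]); close(sv[1]);
    return ok;
}
```

Re-checking capabilities on read()/ioctl() of the received fd would break exactly this handoff, which is the point of the reply.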