On Tue, Nov 5, 2019 at 7:29 AM Mike Rapoport <rppt@xxxxxxxxxxxxx> wrote: > > Current implementation of UFFD_FEATURE_EVENT_FORK modifies the file > descriptor table from the read() implementation of uffd, which may have > security implications for unprivileged use of the userfaultfd. > > Limit availability of UFFD_FEATURE_EVENT_FORK only for callers that have > CAP_SYS_PTRACE. Thanks. But shouldn't we be doing the capability check at userfaultfd(2) time (when we do the other permission checks), not later, in the API ioctl?
