On Fri, Jul 02, 2021 at 03:40:49PM -0500, Eric W. Biederman wrote:
> Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
>
> > On Fri, Jul 2, 2021 at 11:43 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >>
> >> Uhm, this is only checked in open(), and never again? Is this safe in
> >> the face of exec or pid re-use?
>
> Exec does not change the file descriptor table.

Ah yeah, good point. I've been thinking too much about vmas.

> The open holds a reference to the proc inode. The proc inode holds the
> struct pid of the task and the file descriptor number. References using
> struct pid do not suffer from userspace pid rollover issues.

Okay, cool.

> So the only issue I see is file descriptor reuse after an exec,
> that changes the process's struct cred.

Right -- the info leak would be snooping on what a privileged process was
doing with a given fd? Similar stuff has been used to do typing pattern
analysis with login passwords, but that's a stretch here, I think. Hmm.

> Assuming we care it would probably be worth a bug fix patch to check
> something.

Sounds good.

-- 
Kees Cook