Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Fri, Jul 2, 2021 at 4:31 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>> Right -- the info leak would be snooping on what a privileged process
>> was doing with a given fd? Similar stuff has been used to do typing
>> pattern analysis with login passwords, but that's a stretch here, I
>> think. Hmm.
>
> So I think you'd see the directory list, but generally that's just the
> file descriptor numbers.
>
> Which is information you shouldn't have access to, but it's probably
> not very *interesting* information.
>
> I think it would be worth fixing but possibly not a very high
> priority.

It is not just the directory whose permission changed but the individual
files in that directory.

You can also see the position, flags, mnt_id, and soon inode number of
fdinfo files you open before a suid exec.

Knowing what file someone is reading on a particular file descriptor
number and how far they are in reading that file sounds like a side
channel someone can do something with.

Eric
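The fields named in the message above are the ones the kernel prints in /proc/<pid>/fdinfo/<fd>. The parser below is an added example, not part of the original message or of the kernel source, showing what each field carries; the sample text is constructed, and `struct fdinfo` and `parse_fdinfo` are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Fields named in the message; ino is optional because older kernels omit it. */
struct fdinfo {
    long long pos;            /* current file offset */
    unsigned long flags;      /* open flags, printed by the kernel in octal */
    long mnt_id;              /* mount the file lives on */
    unsigned long long ino;   /* inode number, when present */
    int has_ino;
};

/* Parse fdinfo text. Returns the number of recognised fields; other lines are skipped. */
int parse_fdinfo(const char *text, struct fdinfo *out)
{
    int found = 0;
    memset(out, 0, sizeof(*out));
    while (*text) {
        const char *eol = strchr(text, '\n');
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        char line[128];
        if (len < sizeof(line)) {
            memcpy(line, text, len);
            line[len] = '\0';
            if (sscanf(line, "pos: %lld", &out->pos) == 1) found++;
            else if (sscanf(line, "flags: %lo", &out->flags) == 1) found++;
            else if (sscanf(line, "mnt_id: %ld", &out->mnt_id) == 1) found++;
            else if (sscanf(line, "ino: %llu", &out->ino) == 1) { out->has_ino = 1; found++; }
        }
        text += len + (eol ? 1 : 0);
    }
    return found;
}

/* Constructed sample in the layout of /proc/<pid>/fdinfo/<fd>. */
static const char SAMPLE[] = "pos:\t4096\nflags:\t0100002\nmnt_id:\t29\nino:\t1234\n";

int main(void)
{
    struct fdinfo fi;
    int n = parse_fdinfo(SAMPLE, &fi);
    printf("%d fields: pos=%lld flags=0%lo mnt_id=%ld ino=%llu rdwr=%d\n", n, fi.pos,
           fi.flags, fi.mnt_id, fi.ino, (fi.flags & O_ACCMODE) == O_RDWR);
    return 0;
}
```

Feeding the function the contents of /proc/self/fdinfo/0 on a Linux system shows the same fields for the calling process's own descriptor.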