On Fri, Jul 2, 2021 at 11:43 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> Uhm, this is only checked in open(), and never again? Is this safe in
> the face of exec or pid re-use?
Interesting question, but not really all that valid for this particular patch.
Why? Because we already only check for owner permissions on open, and
never again. So if we have fdinfo issues across a suid exec or pid
re-use, they are pre-existing..
But yes, it would probably be a good idea to think about readdir() on
that directory. If somebody reminds me after the merge window is over,
I'll come back to this, but if somebody else wants to think about it
before then, that would be great.
Linus
