Date: Tue, 13 Apr 2004 17:16:32 -0700
From: Chris Wright <chrisw@osdl.org>
To: Andrew Morton <akpm@osdl.org>
Cc: Fabian Frederick <Fabian.Frederick@skynet.be>,
       linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2.6.5-mm4] sys_access race fix
Message-ID: <20040413171632.P22989@build.pdx.osdl.net>
References: <1081881778.5585.16.camel@bluerhyme.real3> <20040413170309.14b7a334.akpm@osdl.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20040413170309.14b7a334.akpm@osdl.org>; from akpm@osdl.org on Tue, Apr 13, 2004 at 05:03:09PM -0700
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1134
Lines: 24

* Andrew Morton (akpm@osdl.org) wrote:
> Do races in access() actually matter?  I mean, some other process could
> change things a nanosecond after access() has completed and the value which
> the access() caller received is wrong anyway.
> 
> Or is there some deeper problem which you are addressing here?

There is a race where, the saved off capabilities could blow away recently
updated capabilites when they are restored.  But, it's only raceable
against tasks that have SETPCAP and are setting another task's caps.
Otherwise it's serialised by the fact that we're dealing with a single
task that can only be in one syscall at a time.  Fixing it would require
something like passing creds into the permission function, instead of
them being deduced from current, a rather invasive change.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/