Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S269775AbUINVXS (ORCPT ); Tue, 14 Sep 2004 17:23:18 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S269699AbUINVUz (ORCPT ); Tue, 14 Sep 2004 17:20:55 -0400 Received: from fw.osdl.org ([65.172.181.6]:1424 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S269226AbUINShu (ORCPT ); Tue, 14 Sep 2004 14:37:50 -0400 Date: Tue, 14 Sep 2004 11:37:36 -0700 From: Chris Wright To: William Lee Irwin III Cc: Roger Luethi , Albert Cahalan , Stephen Smalley , Andrew Morton OSDL , lkml , Paul Jackson , James Morris , Chris Wright Subject: Re: [1/1][PATCH] nproc v2: netlink access to /proc information Message-ID: <20040914113736.H1924@build.pdx.osdl.net> References: <20040909212507.GA32276@k3.hellgate.ch> <1094942212.1174.20.camel@cube> <20040914064403.GB20929@k3.hellgate.ch> <20040914071058.GH9106@holomorphy.com> <20040914075508.GA10880@k3.hellgate.ch> <20040914080132.GJ9106@holomorphy.com> <20040914092748.GA11238@k3.hellgate.ch> <20040914153758.GO9106@holomorphy.com> <20040914160150.GB13978@k3.hellgate.ch> <20040914163712.GT9106@holomorphy.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20040914163712.GT9106@holomorphy.com>; from wli@holomorphy.com on Tue, Sep 14, 2004 at 09:37:12AM -0700 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1091 Lines: 25 * William Lee Irwin III (wli@holomorphy.com) wrote: > On Tue, 14 Sep 2004 08:37:58 -0700, William Lee Irwin III wrote: > >> No, in general races of the form "permissions were altered after I > >> checked them" can happen. > > On Tue, Sep 14, 2004 at 06:01:50PM +0200, Roger Luethi wrote: > > Can you make an example? Some scenario where this would be important? > > Not particularly. It largely means poorly-coded apps may report gibberish. Canonical example is access(2) followed by open(2), not really relevant in this case. However, exec setuid root app...when do you check, and when to you fill in data to send back to user? For /proc, this type of check happens often (see things like may_ptrace_attach and task_dumpable in fs/proc/base.c). thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/