Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1761605AbZJNNRe (ORCPT ); Wed, 14 Oct 2009 09:17:34 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1761540AbZJNNRd (ORCPT ); Wed, 14 Oct 2009 09:17:33 -0400 Received: from cantor2.suse.de ([195.135.220.15]:42715 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754211AbZJNNRc (ORCPT ); Wed, 14 Oct 2009 09:17:32 -0400 From: Andreas Gruenbacher Organization: SUSE Labs, Novell To: Miklos Szeredi Subject: Re: [PATCH] vfs: new O_NODE open flag Date: Wed, 14 Oct 2009 15:14:52 +0200 User-Agent: KMail/1.10.3 (Linux/2.6.30-rc6-git3-4-pae; KDE/4.1.3; i686; ; ) Cc: Andreas Dilger , Valdis.Kletnieks@vt.edu, linux@treblig.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org References: <20090928152128.GA3384@webber.adilger.int> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200910141514.52811.agruen@suse.de> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 831 Lines: 21 On Monday 28 September 2009 18:04:10 Miklos Szeredi wrote: > The point of the above example was that reopening a file descriptor > with upgraded (or downgraded) access mode is even now possible. Which > either means: > > a) the current permission model under /proc/PID/fd has a security > hole (which Jamie is worried about) No worries -- access to /proc/PID/fd/* requires ptrace access to PID, so we do not have a security hole here. The ptrace checks were introduced here: 778c1144771f0064b6f51bee865cceb0d996f2f9 df26c40e567356caeefe2861311e19c54444d917 Cheers, Andreas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/