Re: [RFC/PATCH] revoke/frevoke system calls V2

From: Alan Cox
Date: Wed Aug 09 2006 - 14:13:48 EST

Next message: Alan Cox: "Re: [RFC/PATCH] revoke/frevoke system calls V2"
Previous message: Jes Sorensen: "Re: How to lock current->signal->tty"
In reply to: Edgar Toernig: "Re: [RFC/PATCH] revoke/frevoke system calls V2"
Next in thread: Pekka Enberg: "Re: Re: [RFC/PATCH] revoke/frevoke system calls V2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ar Mer, 2006-08-09 am 20:00 +0200, ysgrifennodd Edgar Toernig:
> And killing them is not OK? "fuser -km /dev/cdrom" already covers both
> cases, mounted somewhere and opened for special access.

fuser is quite easy to race, it doesn't handle all sorts of corner cases
like namespaces either. Its a crude blunt instrument that sometimes
works and is very slow.

> Sorry if I sound a little bit anal. IMO, a generic revoke is a pretty
> sharp sword which is given to ordinary users and I have a very uneasy
> feeling. They can dig in the innards of other people's processes - a
> clean headshot by root is something different ...

I can see your concern about arbitary files, but I'm not sure it holds
simply because the tricks already exist via other methods.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [RFC/PATCH] revoke/frevoke system calls V2"
Previous message: Jes Sorensen: "Re: How to lock current->signal->tty"
In reply to: Edgar Toernig: "Re: [RFC/PATCH] revoke/frevoke system calls V2"
Next in thread: Pekka Enberg: "Re: Re: [RFC/PATCH] revoke/frevoke system calls V2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]