Re: [PATCH v2 resend] vfs: new O_NODE open flag

From: Miklos Szeredi
Date: Sat Nov 07 2009 - 02:50:32 EST

Next message: Takashi Iwai: "Re: [patch 06/16] sound: Replace old style lock initializer"
Previous message: Suresh Siddha: "Re: [tip:x86/apic] x86: Use EOI register in io-apic on intelplatforms"
In reply to: Eric W. Biederman: "Re: [PATCH v2 resend] vfs: new O_NODE open flag"
Next in thread: Eric W. Biederman: "Re: [PATCH v2 resend] vfs: new O_NODE open flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 06 Nov 2009, ebiederm@xxxxxxxxxxxx (Eric W. Biederman wrote:
> So far no one who believes this to be a security hole has found it
> worth their while to look at nd->intent.open in proc_pid_follow_link
> and write a patch.

A rather disgusting patch that would be. The fact is, checking
permissions on follow_link makes little to no sense. Consider
truncate(2), for example. Will we add another intent for that? I
really hope not.

I'm more and more convinced, that the current behavior is the right
one.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Takashi Iwai: "Re: [patch 06/16] sound: Replace old style lock initializer"
Previous message: Suresh Siddha: "Re: [tip:x86/apic] x86: Use EOI register in io-apic on intelplatforms"
In reply to: Eric W. Biederman: "Re: [PATCH v2 resend] vfs: new O_NODE open flag"
Next in thread: Eric W. Biederman: "Re: [PATCH v2 resend] vfs: new O_NODE open flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]