>> Should a user be able to revoke a file descriptor opened by a root
>> process in the first place?
No. Users should, at most, be able to revoke from any process that
shares a UID value.
> Ok, good question. Let's look at the permission issue:
>
> I had this check in my revoke attempt:
>
> + retval = -EPERM;
> + if (!capable(CAP_DAC_OVERRIDE &&
> + current->fsuid != dentry->d_inode->i_uid)) {
> + goto out_dput;
> + }
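Review bot: The closing parenthesis of `capable(` in the `if` condition is misplaced. It sits after the UID comparison, so the whole expression `CAP_DAC_OVERRIDE && current->fsuid != dentry->d_inode->i_uid` is reduced to 0 or 1 and passed to capable() as the capability number, rather than testing the capability and the ownership separately. The intended condition appears to be `if (!capable(CAP_DAC_OVERRIDE) && current->fsuid != dentry->d_inode->i_uid)`. Note also that the comparison is against the inode owner (`i_uid`), so it says nothing about which process opened the descriptors being revoked. The braces around the single `goto out_dput;` can be dropped.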
>
> I agree that revoke should be limited to block and char devices, this way
> users that don't get ownership of a block/char device cannot do anything
> bad with it.
These could be fun:
/dev/null /dev/zero /dev/urandom /dev/psaux /dev/random /dev/sndstat
I think it best to handle revoke on a device-by-device basis,
starting with virtual consoles and related devices.