Re: How to tell whether a struct file is held by a process?

From: Alan Stern
Date: Thu May 21 2009 - 17:27:31 EST


On Thu, 21 May 2009, Kay Sievers wrote:

> Not sure, if we already discussed that with a conclusion: this
> "prevent access to a future device" interface needs to work at the pid
> level, or would a uid/gid check be sufficient?
>
> Root can do all that stuff anyway, even with the locking in place.
> Uid/gid file permissions need to be applied to the "lock file", so
> specified non-root users can use that interface.
>
> Maybe it would be good enough, to check that the one that opened the
> "lock file" has the same uid/gid as the on that tries to open the
> device when it has shown up?

I don't know; it depends on what people want. Pantelis, would this be
good enough for you? That is, restrict the device either to programs
having the same uid/gid or having the same pid as the process that
opened the lock file?

(Note that the pid check alone isn't fully secure, since pid values get
reused after a process ends.)

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/