Re: [PATCH 0/6] File Sealing & memfd_create()

From: Florian Weimer
Date: Tue Jun 17 2014 - 05:48:51 EST


On 04/10/2014 10:37 PM, Andy Lutomirski wrote:

> It occurs to me that, before going nuts with these kinds of flags, it
> may pay to just try to fix the /proc/self/fd issue for real -- we
> could just make open("/proc/self/fd/3", O_RDWR) fail if fd 3 is
> read-only. That may be enough for the file sealing thing.

Increasing privilege on O_PATH descriptors via access through /proc/self/fd is part of the userspace API. The same thing might be true for O_RDONLY descriptors, but it's a bit less likely that there are any users out there. In any case, I'm not sure it makes sense to plug the O_RDONLY hole while leaving the O_PATH hole open.

--
Florian Weimer / Red Hat Product Security Team
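
The re-open behaviour discussed in this message, as an added example that is not part of the original e-mail or the patch series: a descriptor opened O_RDONLY or O_PATH rejects write(), yet opening its /proc/self/fd link with O_RDWR succeeds when the file's mode bits allow it. The scratch file under /tmp and the helper names `reopen_via_proc` and `upgrade_possible` are assumptions of the example; it needs Linux with /proc mounted.

```c
#define _GNU_SOURCE /* exposes O_PATH in glibc's <fcntl.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000 /* asm-generic value (x86, arm); only if libc hides it */
#endif

/* Re-open an existing descriptor through its /proc/self/fd magic link. */
static int reopen_via_proc(int fd, int flags)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    return open(link, flags);
}

/* Returns 1 if a descriptor opened with initial_flags (O_RDONLY or O_PATH)
 * refused write() but yielded a writable descriptor after re-opening,
 * 0 if the kernel refused the re-open, -1 on setup failure. */
int upgrade_possible(int initial_flags)
{
    char path[] = "/tmp/reopen-demo-XXXXXX"; /* constructed scratch file */
    int tmp = mkstemp(path);                 /* created with mode 0600 */
    if (tmp < 0)
        return -1;
    close(tmp);
    int fd = open(path, initial_flags);
    int result = -1;
    /* The descriptor itself carries no write access: write() gives EBADF. */
    if (fd >= 0 && write(fd, "x", 1) == -1 && errno == EBADF) {
        /* open() on the magic link checks the inode's permission bits,
         * not the access mode of the descriptor it was derived from. */
        int rw = reopen_via_proc(fd, O_RDWR);
        result = (rw >= 0 && write(rw, "x", 1) == 1);
        if (rw >= 0)
            close(rw);
    }
    if (fd >= 0)
        close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("O_RDONLY -> O_RDWR: %d\n", upgrade_possible(O_RDONLY));
    printf("O_PATH   -> O_RDWR: %d\n", upgrade_possible(O_PATH));
    return 0;
}
```

For anyone handing descriptors to less-trusted code, the access mode of the descriptor is therefore not the write barrier; the file's ownership and mode bits are.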