Re: [PATCH v2 2/3] seccomp: Introduce addfd ioctl to seccomp user notifier

From: Al Viro
Date: Sat May 30 2020 - 10:08:52 EST

On Fri, May 29, 2020 at 07:43:10PM -0700, Kees Cook wrote:

> Can anyone clarify the expected failure mode from SCM_RIGHTS? Can we
> move the put_user() after instead? I think cleanup would just be:
> replace_fd(fd, NULL, 0)


Repeat after me: descriptor tables can be shared. There is no
"cleanup" after you've put something there. If you do not get
it, you have no business messing with any of this stuff.