Previously H. Peter Anvin wrote:
> b) This is a security hole, in which case /proc needs to be fixed. In
> particular, the open("/proc/self/fd/3", O_RDWR) in my example above
> should return EPERM.
proc might not be a problem if you deal with a chroot or namespace which
doesn't have proc mounted and no processes running with mount
capabilities. flink could still be a problem in those situations.
Wichert.
-- Wichert Akkerman <wichert@wiggy.net> http://www.wiggy.net/ A random hacker - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 07 2003 - 22:00:32 EST