Re: [PATCH 0/3] vfs: plug some holes involving LAST_BIND symlinks and file bind mounts (try #5)

From: Al Viro
Date: Sun Dec 20 2009 - 16:04:29 EST


On Sun, Dec 20, 2009 at 08:59:03PM +0100, Pavel Machek wrote:
> > WTF not? It's convenient and doesn't lose any real security. If your
> > code relies on inaccessibility of <path> since some component of that
> > path is inaccessible, you are *already* fscked. Consider e.g. fchdir()
> > and its implications - if you have an opened descriptor for parent,
> > having no exec permissions on grandparent won't stop you at all. Already.
> > On all Unices, regardless of openat(), etc.
>
> Consider FD passing over unix socket. Passing R/O file descriptor to
> the other task, then having the task write to the file is certainly bad.

You've omitted the "R/O file descriptor of a file that is writable for
that other task" part...