[PATCH 0/6] File Sealing & memfd_create()
Andy Lutomirski
luto at amacapital.net
Tue Jun 17 09:21:43 PDT 2014
On Jun 17, 2014 2:48 AM, "Florian Weimer" <fweimer at redhat.com> wrote:
>
> On 04/10/2014 10:37 PM, Andy Lutomirski wrote:
>
>> It occurs to me that, before going nuts with these kinds of flags, it
>> may pay to just try to fix the /proc/self/fd issue for real -- we
>> could just make open("/proc/self/fd/3", O_RDWR) fail if fd 3 is
>> read-only. That may be enough for the file sealing thing.
>
>
> Increasing privilege on O_PATH descriptors via access through
/proc/self/fd is part of the userspace API. The same thing might be true
for O_RDONLY descriptors, but it's a bit less likely that there are any
users out there. In any case, I'm not sure it makes sense to plug the
O_RDONLY hole while leaving the O_PATH hole open.
Do you mean O_PATH fds for the directory or O_PATH fds for the file
itself? In any event, I'm much less concerned about passing O_PATH memfds
around than O_RDONLY memfds.
I have incomplete patches for this stuff. I need to fix them so they work
and get past Al Viro.
--Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20140617/30d2d605/attachment.html>
More information about the dri-devel
mailing list