Tony Finch <d...@dotat.at> wrote: > Attacker opens [directory] and waits. ... > Attacker uses openat() to open and modify the "private" file.
Surely if the permissions do not allow lookup then openat() will fail. [The attacker opened directory when it was searcheable; then permissions were closed; then attacker attempts openat().] Surely directory contents are not cached??!! Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
