On Jun 17, 2014 2:48 AM, "Florian Weimer" <fweimer at redhat.com> wrote: > > On 04/10/2014 10:37 PM, Andy Lutomirski wrote: > >> It occurs to me that, before going nuts with these kinds of flags, it >> may pay to just try to fix the /proc/self/fd issue for real -- we >> could just make open("/proc/self/fd/3", O_RDWR) fail if fd 3 is >> read-only. That may be enough for the file sealing thing. > > > Increasing privilege on O_PATH descriptors via access through /proc/self/fd is part of the userspace API. The same thing might be true for O_RDONLY descriptors, but it's a bit less likely that there are any users out there. In any case, I'm not sure it makes sense to plug the O_RDONLY hole while leaving the O_PATH hole open.
Do you mean O_PATH fds for the directory or O_PATH fds for the file itself? In any event, I'm much less concerned about passing O_PATH memfds around than O_RDONLY memfds. I have incomplete patches for this stuff. I need to fix them so they work and get past Al Viro. --Andy -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20140617/30d2d605/attachment.html>