On 10/30, Eric W. Biederman wrote: > > At a bare minimum you need to perform the permission check using the > credentials of the opener of the file. Which means refactoring > kill_pid so that you can perform the permission check for killing the > application during open.
perhaps it would be simpler to do
my_cred = override_creds(file->f_cred);
kill_pid(...);
revert_creds(my_cred);
?
> But overall this looks quite reasaonble.
Agreed.
Oleg.
