Hi On Tue, Apr 22, 2014 at 5:24 PM, Andy Lutomirski <l...@amacapital.net> wrote: > On Tue, Apr 22, 2014 at 8:19 AM, David Herrmann <dh.herrm...@gmail.com> wrote: >> In other words, the bug you describe is that /proc/pid/fd/ allows >> access to objects without a reachable path to the only _real_ >> filesystem link. But isn't the same true for openat()? > > I don't think so. openat doesn't work on fds for things that aren't > directories.
Sorry, I wasn't precise enough: I meant the same 'leak' occurs if you keep a dir-fd on the directory in question _before_ it is set to 0600. Just like the example race keeps a file-fd to the file in question. So after the directory is set to 0600 you can use that dir-fd via openat() to avoid the whole path-lookup just like you do it via /proc. Thanks David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/