> > Suppose I give you an O_RDONLY handle to a file which you then
> > flink and gain write access too ?
>
> This, I believe, is the real issue. However, we already have that
> problem:
As far as I understand it, isn't the protection information stored in the
inode? The flink call is just linking an inode into a directory that the
caller has write access to. The permissions and ownership of the file
shouldn't change.
> int main(int argc, char *argv[])
> {
> int rfd, wfd;
> char filebuf[PATH_MAX];
>
> rfd = open("testfile", O_RDONLY|O_CREAT, 0666);
> /* Now rfd is a read-only file descriptor */
There is nothing stopping the caller from re-opening the to-be flinked()
file descriptor read-write using its name if the caller has permissions.
So I don't see why that case is different.
Other than that, HPA's responses make sense.
Personally, I would like to see this system call in Linux. It does make
certain thing easier. Not necessarily even in a security context, but
sometimes its generally useful to be able to make a hard link to an
already open file rather than track the name.
L8r,
Mark G.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/