I was looking at the /proc filesystem, to finally sit down and write a
clean and thorough version of my /proc variable permissions security
patch. However, it looked a bit dubious in the dentry/inode/refcounting/
etc department.
To reproduce a _stack_ of kernel messages (including bad link counts, bad
kfree, etc) and an oops, simply type, as root: rm -rf /proc
Here's another pretty severe /proc anomaly I guessed at and reproduced;
chmod 0 /proc/uptime
ls -l /proc/uptime -- permissions unchanged as expected.
[aside: by what mechanism is this change _not_ cached?]
Now, make a little program that opens /proc/uptime and sleeps. Run it.
Then, chown chris /proc/uptime; chmod 600 /proc/uptime.
Now, these changes to the inode are cached (and VFS enforced!!!!) until
the process holding open /proc/uptime exits. Not too desirable, eh? Note
that my forthcoming patch will sort out this problem, however.
Cheers
Chris
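
Added example, not part of the original post: a small C diagnostic for the open-and-sleep sequence described above. It holds a file open, polls its mode and owner once a second while chown/chmod are run from another shell, then re-checks after closing. The function and flag names, the default path argument and the 30-second window are assumptions made for this example.

```c
/* Added example (not from the original post): watch a file's mode/owner
 * while this process holds it open, then re-check after closing it. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical flag names, chosen for this example only. */
enum { CH_MODE = 1, CH_UID = 2, CH_GID = 4, CH_ERR = 8 };

/* Bitmask of permission/ownership fields that differ between two stats. */
int attr_diff(const struct stat *a, const struct stat *b)
{
    int d = 0;
    if ((a->st_mode & 07777) != (b->st_mode & 07777)) d |= CH_MODE;
    if (a->st_uid != b->st_uid) d |= CH_UID;
    if (a->st_gid != b->st_gid) d |= CH_GID;
    return d;
}

/* Hold `path` open for `secs` seconds, polling stat() once a second.
 * Low nibble of the result: changes seen while the file was held open.
 * High nibble: what still differs from the baseline after close(). */
int watch_held(const char *path, int secs)
{
    struct stat base, now;
    int seen = 0, after = CH_ERR, fd = open(path, O_RDONLY);
    if (fd < 0) return CH_ERR | (CH_ERR << 4);
    if (fstat(fd, &base) != 0) { close(fd); return CH_ERR | (CH_ERR << 4); }
    for (int i = 0; i < secs; i++) {
        sleep(1);
        if (stat(path, &now) != 0) { seen |= CH_ERR; break; }
        seen |= attr_diff(&base, &now);
    }
    close(fd);
    if (stat(path, &now) == 0) after = attr_diff(&base, &now);
    return seen | (after << 4);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/uptime";
    int r = watch_held(path, argc > 2 ? atoi(argv[2]) : 30);
    printf("%s: changed while held=%#x, still changed after close=%#x\n",
           path, (unsigned)(r & 0xf), (unsigned)(r >> 4));
    return (r & (CH_ERR | (CH_ERR << 4))) ? 1 : 0;
}
```

The post says the cached changes last until the holding process exits, so a final ls -l on the path after this program has ended completes the check.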