Re: [PATCH] new syscall: flink

H. Peter Anvin (hpa@zytor.com)
6 Apr 2003 20:39:59 -0700

Followup to: <Pine.BSO.4.44.0304062250250.9407-100000@kwalitee.nolab.conman.org>
By author: Mark Grosberg <mark@nolab.conman.org>
In newsgroup: linux.dev.kernel
>
> > > Suppose I give you an O_RDONLY handle to a file which you then
> > > flink and gain write access too ?
> >
> > This, I believe, is the real issue. However, we already have that
> > problem:
>
> As far as I understand it, isn't the protection information stored in the
> inode? The flink call is just linking an inode into a directory that the
> caller has write access to. The permissions and ownership of the file
> shouldn't change.
>

The problem is when you get passed a file descriptor from another
process (via exec or file-descriptor passing) and you don't have
permissions to access the *directory*.

My example, though, shows that we have this problem already.

> > int main(int argc, char *argv[])
> > {
> > int rfd, wfd;
> > char filebuf[PATH_MAX];
> >
> > rfd = open("testfile", O_RDONLY|O_CREAT, 0666);
> > /* Now rfd is a read-only file descriptor */
>
> There is nothing stopping the caller from re-opening the to-be flinked()
> file descriptor read-write using its name if the caller has permissions.
> So I don't see why that case is different.

Again, permissions on the directory.

-hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/