Re: [PATCH] new syscall: flink

Wichert Akkerman (wichert@wiggy.net)
Mon, 7 Apr 2003 20:47:19 +0200


Previously H. Peter Anvin wrote:
> b) This is a security hole, in which case /proc needs to be fixed. In
> particular, the open("/proc/self/fd/3", O_RDWR) in my example above
> should return EPERM.

proc might not be a problem if you deal with a chroot or namespace which
doesn't have proc mounted and no processes running with mount
capabilities. flink could still be a problem in those situations.

Wichert.

-- 
Wichert Akkerman <wichert@wiggy.net>           http://www.wiggy.net/
A random hacker
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/