>>> I now have a flink-test2.txt file. That is pretty cool ;)
>>
>> It's also a security hole.
>
> It may well be one when going via /proc. But is it one when going
> via a (hypothetical) proper flink(2)? If so, why?
>
> Note that every process who has a filehandle open for reading can
> already get at the file contents and write them to a completely new
> file, and every process who has it open for writing can already
> change its contents to everything it likes. So I can see read|write
> checks on the file handle. Also all the usual link(2) checks. What
> else could be a hole?
If the file descriptor you have was opened O_RDONLY, but you have
write permission on the file itself, then creating a new name for it
would allow you to open it O_RDWR.
I'm not 100% convinced by this argument. If you really want a
particular user not to be able to write to a file, the certain answer
is to set its permissions appropriately, rather than rely on it having
no name.
One could make the hypothetical flink(2) only work on O_RDWR file
descriptors, or only on files owned by the euid of the calling
process.
-- http://www.greenend.org.uk/rjk/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/