Dear diary, on Mon, Apr 10, 2006 at 09:42:03AM CEST, I got a letter
where "Eric W. Biederman" <[email protected]> said that...
> The most straight forward is:
> int openat(int dirfd, const char *path, int flags, int mode)
> {
> int orig_dir_fd;
> int result;
> lock()
> orig_dir_fd = open(".");
> fchdir(dirfd);
> result = open(relpath);
> fchdir(orig_dir_fd);
> close(orig_dir_fd);
> unlock();
> return result;
> }
>
> I suspect something like the above needs to be considered if
> you want the emulation to work on old kernels, in the presence
> of suid applications.
>
..snip..
>
> Although I guess you could attempt to use /proc/self/fd/<n>
> and if that gets a permission problem try a slower but more
> reliable path in the emulation.
Oops, I completely forgot about fchdir(). Thanks, I think I will use
something like this for now.
By the way, I would like to return to a statement from your previous
mail:
> Other processes we do need to deny if we aren't dumpable because
> they don't have another way to get that information.
I still don't understand this - so why don't provide them _this_ way to
get that information? What is the security risk?
--
Petr "Pasky" Baudis
Stuff: http://pasky.or.cz/
Right now I am having amnesia and deja-vu at the same time. I think
I have forgotten this before.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]