From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jonathan Corbet
Subject: Re: [RFC PATCH] Generic name to handle and open by handle syscalls
Date: Thu, 25 Feb 2010 07:30:02 -0700
Message-ID: <20100225073002.1f6ef3cd@bike.lwn.net>
References: <1266558149-11460-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com>
 <20100222160659.48a91f82@bike.lwn.net>
 <87ocjgib0j.fsf@linux.vnet.ibm.com>
 <20100225045323.GA25549@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Cc: "Aneesh Kumar K. V" , hch@infradead.org, viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org
To: "Serge E. Hallyn"
Return-path:
Received: from tex.lwn.net ([70.33.254.29]:37351 "EHLO vena.lwn.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932680Ab0BYOaE (ORCPT ); Thu, 25 Feb 2010 09:30:04 -0500
In-Reply-To: <20100225045323.GA25549@us.ibm.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On Wed, 24 Feb 2010 22:53:23 -0600
"Serge E. Hallyn" wrote:

> I'd be curious to see the reasons for requiring it in the xfs version.
> Do you have any docs about it? You're still doing a dentry_open, and
> you got the filename fd somehow so the name shouldn't be a secret...
> An LSM hook - specifically to make sure that selinux still allows you
> to read the path (access to file->f_security) - might belong here,

I had assumed it was the path that was the issue; a file handle is
divorced from that path, so there's no way to know if a process can
search its way down to the file or not. That would leave the system
open to the same "open the file after path permissions have changed"
problem that people have complained about in other contexts.

It seems like you could also fish for files by opening random file
handles; I don't know how large the search space is, so it's hard for me
to say how practical that would be.

jon
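
The following is an added illustration, not code from this thread or from the patch under discussion. It models the concern raised above: a path-based open needs search permission on every directory, while a check that starts from the file itself sees only the file's own mode bits. All function names are hypothetical, and the model covers classic Unix mode bits only (no root or capability override, no ACLs, no LSM policy).

```python
import os
import tempfile

# Added illustration; all names are hypothetical. Models classic Unix mode
# bits only: no root/capability override, no ACLs, no LSM policy.

def class_bits(st, uid, gids):
    """Return the rwx bits that apply to (uid, gids): owner, group or other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def path_walk_allows(dirs, uid, gids):
    """Path-based open: every directory on the way needs the search (x) bit."""
    return all(class_bits(os.stat(d), uid, gids) & 1 for d in dirs)

def inode_allows_read(st, uid, gids):
    """Handle-style check: only the file's own mode bits are available."""
    return bool(class_bits(st, uid, gids) & 4)

def demo():
    uid, gids = os.getuid(), set(os.getgroups()) | {os.getgid()}
    root = tempfile.mkdtemp()            # constructed sample tree
    locked = os.path.join(root, "locked")
    target = os.path.join(locked, "data.txt")
    os.mkdir(locked)
    os.chmod(locked, 0o755)
    with open(target, "w") as f:
        f.write("constructed sample\n")
    os.chmod(target, 0o644)
    file_st = os.stat(target)            # taken while the path was reachable
    result = {}
    try:
        result["before"] = (path_walk_allows([root, locked], uid, gids),
                            inode_allows_read(file_st, uid, gids))
        os.chmod(locked, 0o000)          # path permissions change afterwards
        result["after"] = (path_walk_allows([root, locked], uid, gids),
                           inode_allows_read(file_st, uid, gids))
    finally:
        os.chmod(locked, 0o755)          # restore so cleanup works
        os.remove(target)
        os.rmdir(locked)
        os.rmdir(root)
    return result

if __name__ == "__main__":
    print(demo())
```

Each tuple in the result is (path walk allowed, file-only check allowed); the second tuple shows the two checks disagreeing once the directory's permissions have changed.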