From: Andy Lutomirski
Subject: Re: [PATCH 0/6] File Sealing & memfd_create()
Date: Thu, 10 Apr 2014 16:05:34 -0700
References: <1395256011-2423-1-git-send-email-dh.herrmann@gmail.com> <20140320153250.GC20618@thunk.org> <20140320163806.GA10440@thunk.org> <5346ED93.9040500@amacapital.net> <20140410203246.GB31614@thunk.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Cc: "Theodore Ts'o", linux-kernel, Kay Sievers, Daniel Mack, Lennart Poettering, John Stultz, Greg Kroah-Hartman, "dri-devel@lists.freedesktop.org", linux-fsdevel, linux-mm, Andrew Morton, Linus Torvalds, Ryan Lortie, "Michael Kerrisk (man-pages)"
To: David Herrmann
Sender: owner-linux-mm@kvack.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Apr 10, 2014 at 3:57 PM, David Herrmann wrote:
> Hi
>
> On Thu, Apr 10, 2014 at 11:16 PM, Andy Lutomirski wrote:
>> Would it make sense for the initial mode on a memfd inode to be 000?
>> Anyone who finds this to be problematic could use fchmod to fix it.
>
> memfd_create() should be subject to umask() just like anything else.
> That should solve any possible race here, right?

Yes, but how many people will actually think about umask when doing
things that don't really look like creating files?

/proc/pid/fd is a really weird corner case in which the mode of an
inode that doesn't have a name matters. I suspect that almost no one
will ever want to open one of these things out of /proc/self/fd, and
those who do should be made to think about it.

It also avoids odd screwups where things are secure until someone runs
them with umask 000.

--Andy
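The corner case discussed above, as an added example that is not part of the original message or of the memfd patch set: it creates a memfd, sets the mode of its unnamed inode with fchmod(), and then checks whether a new open through /proc/self/fd is still permitted. The helper names (`memfd_with_mode`, `fd_mode`, `reopen_via_proc`) are hypothetical; the code assumes a Linux system whose headers define `SYS_memfd_create` and that has /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Permission bits of the unnamed inode behind fd, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) < 0 ? -1 : (int)(st.st_mode & 07777);
}

/* Ask for a new open file description through /proc/self/fd/<fd>.
 * Returns 0 if the open was allowed, -errno if it was refused. */
int reopen_via_proc(int fd, int flags)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
    int nfd = open(path, flags);
    if (nfd < 0) return -errno;
    close(nfd);
    return 0;
}

/* Create a memfd (raw syscall, so no libc wrapper is needed) and set its
 * mode right away. A window remains between the two calls, which is the
 * race that an initial mode of 000 would close. */
int memfd_with_mode(const char *name, mode_t mode)
{
    int fd = (int)syscall(SYS_memfd_create, name, 1u /* MFD_CLOEXEC */);
    if (fd >= 0 && fchmod(fd, mode) < 0) { close(fd); return -1; }
    return fd;
}

int main(void)
{
    int fd = memfd_with_mode("demo", 0);   /* "demo" is a constructed name */
    if (fd < 0) { perror("memfd"); return 1; }
    printf("mode %04o, reopen via /proc -> %d, write on original fd -> %zd\n",
           fd_mode(fd), reopen_via_proc(fd, O_RDWR), write(fd, "x", 1));
    return 0;
}
```

The descriptor returned at creation stays usable because the mode is only checked when a new open is attempted. A process holding CAP_DAC_OVERRIDE (root, typically) bypasses that check, so the reopen result is only meaningful when run unprivileged.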