From: Oleg Nesterov <oleg@redhat.com>
To: Willy Tarreau <w@1wt.eu>
Cc: Andy Lutomirski <luto@amacapital.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
"security@kernel.org" <security@kernel.org>,
Ingo Molnar <mingo@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
Brad Spengler <spender@grsecurity.net>
Subject: /proc/pid/fd && anon_inode_fops
Date: Sat, 24 Aug 2013 20:29:39 +0200 [thread overview]
Message-ID: <20130824182939.GA23630@redhat.com> (raw)
In-Reply-To: <20130822201530.GL31117@1wt.eu>
Sorry for off-topic, I am just curios.
On 08/22, Willy Tarreau wrote:
>
> It's not only that, it also supports sockets and pipes that you can access
> via /proc/pid/fd and not via a real symlink which would try to open eg
> "pipe:[23456]" instead of the real file.
But sock_no_open() disallows this, and for good reason I guess.
I am wondering, perhaps anon_inode should do the same? I do not
see any problem, but it looks pointless and misleading to allow
to open a file you can do nothing with.
Or is there any reason why, say, open("anon_inode:[perf_event]")
should succeed?
Thanks,
Oleg.
--- x/fs/anon_inodes.c
+++ x/fs/anon_inodes.c
@@ -24,7 +24,15 @@
static struct vfsmount *anon_inode_mnt __read_mostly;
static struct inode *anon_inode_inode;
-static const struct file_operations anon_inode_fops;
+
+static int anon_open(struct inode *inode, struct file *file)
+{
+ return -ENXIO;
+}
+
+static const struct file_operations anon_inode_fops = {
+ .open = anon_open,
+};
/*
* anon_inodefs_dname() is called from d_path().
next prev parent reply other threads:[~2013-08-24 18:36 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-21 19:14 [PATCH v2] vfs: Tighten up linkat(..., AT_EMPTY_PATH) Andy Lutomirski
[not found] ` <CA+55aFxi-ps2f2M8xPhfbuQ0pToqupPrDsLi2+GPUK2sqdYfUw@mail.gmail.com>
[not found] ` <CALCETrW7+LcexA6v6RQDKhni_yJAduOmiSDneCpq3v8sPDvwUQ@mail.gmail.com>
2013-08-21 20:16 ` Willy Tarreau
2013-08-22 18:48 ` Linus Torvalds
2013-08-22 18:53 ` Willy Tarreau
2013-08-22 19:05 ` Andy Lutomirski
2013-08-22 19:23 ` Linus Torvalds
2013-08-22 20:10 ` Andy Lutomirski
2013-08-22 20:15 ` Willy Tarreau
2013-08-22 20:22 ` Andy Lutomirski
2013-08-22 20:44 ` Linus Torvalds
2013-08-22 20:48 ` Andy Lutomirski
2013-08-22 20:54 ` Linus Torvalds
2013-08-22 20:58 ` Andy Lutomirski
2013-08-23 1:07 ` Al Viro
2013-08-25 3:37 ` Al Viro
2013-08-25 7:26 ` Andy Lutomirski
2013-08-25 14:23 ` Al Viro
2013-08-25 17:04 ` Andy Lutomirski
2013-08-25 19:57 ` Linus Torvalds
2013-08-25 20:06 ` Al Viro
2013-08-25 20:23 ` Linus Torvalds
2013-08-26 17:37 ` Linus Torvalds
2013-08-26 18:07 ` Linus Torvalds
2013-08-26 18:11 ` Andy Lutomirski
2013-08-27 19:16 ` [RFC PATCH] fs: Add user_file_or_path_at and use it for truncate Andy Lutomirski
2013-08-27 19:32 ` Linus Torvalds
2013-08-27 20:28 ` Andy Lutomirski
2013-08-28 6:16 ` Al Viro
2013-08-28 16:24 ` Linus Torvalds
2013-08-28 19:04 ` Andy Lutomirski
2013-08-28 19:59 ` Al Viro
2013-08-28 21:07 ` Andy Lutomirski
2013-08-27 23:08 ` Al Viro
2013-08-27 23:13 ` Andy Lutomirski
2013-08-24 18:29 ` Oleg Nesterov [this message]
2013-08-24 21:24 ` /proc/pid/fd && anon_inode_fops Willy Tarreau
2013-08-25 5:23 ` Al Viro
2013-08-25 6:50 ` Willy Tarreau
2013-08-25 18:51 ` Linus Torvalds
2013-08-25 19:48 ` Oleg Nesterov
2013-08-25 20:05 ` Linus Torvalds
2013-08-26 15:33 ` Oleg Nesterov
2013-08-26 16:37 ` Oleg Nesterov
2013-08-26 17:54 ` [PATCH] proc: make proc_fd_permission() thread-friendly Oleg Nesterov
2013-08-26 18:09 ` Linus Torvalds
2013-08-26 19:35 ` Linus Torvalds
2013-08-26 20:20 ` Willy Tarreau
2013-08-27 15:05 ` Oleg Nesterov
2013-08-27 14:39 ` [PATCH 0/1] proc: make /proc/self point to thread Oleg Nesterov
2013-08-27 14:40 ` [PATCH 1/1] " Oleg Nesterov
2013-08-27 16:39 ` Linus Torvalds
2013-08-27 17:49 ` Oleg Nesterov
2013-08-27 18:15 ` Linus Torvalds
2013-08-27 18:28 ` Oleg Nesterov
[not found] ` <CALCETrXP-mYBPRon=0NzexW1FK1Qxz2+Bwv7-WeHBQpvW7ywRg@mail.gmail.com>
2013-08-27 15:45 ` [PATCH] proc: make proc_fd_permission() thread-friendly Oleg Nesterov
2013-08-26 18:32 ` Eric W. Biederman
2013-08-26 18:46 ` Oleg Nesterov
2013-08-26 18:56 ` Oleg Nesterov
2013-08-26 19:10 ` Eric W. Biederman
2013-08-27 14:53 ` Oleg Nesterov
2013-08-25 18:32 ` /proc/pid/fd && anon_inode_fops Linus Torvalds
2013-08-25 19:11 ` Al Viro
2013-08-25 19:17 ` Andy Lutomirski
2013-09-03 15:58 ` Pavel Machek
2013-08-25 15:45 ` Oleg Nesterov
[not found] ` <20130825051044.GY27005@ZenIV.linux.org.uk>
[not found] ` <20130825155348.GB25922@redhat.com>
[not found] ` <CALCETrXrtP2C+g=QeNWK4EMctmonW91kWoO1xmy7rDmEj__1Dw@mail.gmail.com>
[not found] ` <20130825174936.GA30957@redhat.com>
2013-08-25 17:55 ` [PATCH 0/1] anon_inodefs: forbid open via /proc Oleg Nesterov
2013-08-25 17:55 ` [PATCH 1/1] " Oleg Nesterov
2013-08-22 19:39 ` [PATCH v2] vfs: Tighten up linkat(..., AT_EMPTY_PATH) Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130824182939.GA23630@redhat.com \
--to=oleg@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=security@kernel.org \
--cc=spender@grsecurity.net \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox