From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756665Ab3HYUGO (ORCPT ); Sun, 25 Aug 2013 16:06:14 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:43731 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753799Ab3HYUGM (ORCPT ); Sun, 25 Aug 2013 16:06:12 -0400 Date: Sun, 25 Aug 2013 21:06:06 +0100 From: Al Viro To: Linus Torvalds Cc: Andy Lutomirski , Willy Tarreau , "security@kernel.org" , Ingo Molnar , Linux Kernel Mailing List , Oleg Nesterov , Linux FS Devel , Brad Spengler Subject: Re: [PATCH v2] vfs: Tighten up linkat(..., AT_EMPTY_PATH) Message-ID: <20130825200605.GC27005@ZenIV.linux.org.uk> References: <20130822201530.GL31117@1wt.eu> <20130823010726.GP27005@ZenIV.linux.org.uk> <20130825033741.GX27005@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Aug 25, 2013 at 12:57:25PM -0700, Linus Torvalds wrote: > Yes. I think we should do this, but I think we should also look at > what _other_ LOOKUP_xyz we should do for the /proc case. > > For the read-only fd case, we should have a LOOKUP_WRITE flag, and > return -EPERM if an operation is a write, and we terminate in that > LAST_BIND case. > > That would catch the truncate() case, but also the "open a read-only > fd for write or O_TRUNC" case. > > Anything else? What other path operations matter that follow links > than truncate(), link() and open()? Timestamp updates, chmod/chown, xattr mess...