LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH] vfs: new O_NODE open flag

[Posted October 28, 2009 by jake]

From:  Jamie Lokier <jamie-AT-shareable.org>
To:  Miklos Szeredi <miklos-AT-szeredi.hu>
Subject:  Re: [PATCH] vfs: new O_NODE open flag
Date:  Mon, 28 Sep 2009 14:28:45 +0100
Message-ID:  <20090928132845.GC19778@shareable.org>
Cc:  Valdis.Kletnieks-AT-vt.edu, linux-AT-treblig.org, agruen-AT-suse.de, linux-fsdevel-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org
Archive-link:  Article, Thread 

Miklos Szeredi wrote:
> BTW I just checked, and it is possible to re-open or promote an fd
> opened with O_NODE like this:
> 
> 	char tmp[64];
> 
> 	fd = open(filename, O_NODE | O_NOACCESS);
> 	/* ... */
> 	sprintf(tmp, "/proc/self/fd/%i", fd);
> 	fd_rw = open(tmp, O_RDWR);
> 
> Now fd_rw is guaranteed to refer to the same inode as fd.

If someone passes you a file descriptor opened with O_RDONLY, you
shouldn't be able to upgrade it to O_RDWR unless you have access to
the file and could do a normal open() on the file.

I hope the above cannot convert O_NOACCESS to O_RDWR without checking
that you have access to the file.

Hmm.  I have just tried, and you _can _use open("/proc/self/fd/%d",
O_RDWR) to re-open with more permissions when you can't access the
path which /proc/self/fd/%d pretends to link to.  It looks a bit
dubious, as you might have been passed an O_RDONLY descriptor with the
intention that you can't write to it...  Oh well!

-- Jamie
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds