LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH] vfs: new O_NODE open flag

[Posted October 28, 2009 by jake]

From:  Jamie Lokier <jamie-AT-shareable.org>
To:  Miklos Szeredi <miklos-AT-szeredi.hu>
Subject:  Re: [PATCH] vfs: new O_NODE open flag
Date:  Mon, 28 Sep 2009 14:28:45 +0100
Message-ID:  <20090928132845.GC19778@shareable.org>
Cc:  Valdis.Kletnieks-AT-vt.edu, linux-AT-treblig.org, agruen-AT-suse.de, linux-fsdevel-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org
Archive-link:  Article, Thread 

Miklos Szeredi wrote:
> BTW I just checked, and it is possible to re-open or promote an fd
> opened with O_NODE like this:
> 
> 	char tmp[64];
> 
> 	fd = open(filename, O_NODE | O_NOACCESS);
> 	/* ... */
> 	sprintf(tmp, "/proc/self/fd/%i", fd);
> 	fd_rw = open(tmp, O_RDWR);
> 
> Now fd_rw is guaranteed to refer to the same inode as fd.

If someone passes you a file descriptor opened with O_RDONLY, you
shouldn't be able to upgrade it to O_RDWR unless you have access to
the file and could do a normal open() on the file.

I hope the above cannot convert O_NOACCESS to O_RDWR without checking
that you have access to the file.

Hmm.  I have just tried, and you _can _use open("/proc/self/fd/%d",
O_RDWR) to re-open with more permissions when you can't access the
path which /proc/self/fd/%d pretends to link to.  It looks a bit
dubious, as you might have been passed an O_RDONLY descriptor with the
intention that you can't write to it...  Oh well!

-- Jamie
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds