I think the main idea is to take coherent snapshots of the current credentials at the moment a syscall's made, so that it can follow the request all the way through to completion.
In a multithreaded app, you could have races on some of the details, because not all credentials are per-thread. The kernel may have reason to examine your credentials more than once through the process of executing a system call, and those could be spaced widely in time.
Imagine symlink traversal over a slow link. I remember reading somewhere that Linux's support for deep directory structures and high levels of symlink nesting means a single directory lookup could cause 300MB of disk to get read if you set things up right. :-) An attacker would be motivated to do just that.
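The snapshot-versus-re-read distinction the comment draws can be shown in a few lines of C. What follows is an added example, not code from the comment or from the kernel: a single-threaded model patterned after Linux's reference-counted, immutable `struct cred` and its `get_cred`/`put_cred`/`prepare_creds`/`commit_creds` helpers, with the field names and the `midpoint_hook` callback being the model's own assumptions. The hook stands in for whatever happens concurrently while a long-running call (a deep symlink walk, say) is between two of its permission checks; here it is a privilege drop. A call that re-reads the task's credential pointer at each check sees two different identities, while a call that pins one reference at entry sees one consistent identity for its whole duration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Model of an immutable, refcounted credential object. A committed cred is
 * never changed in place; a new identity is a new object swapped in. */
struct cred {
    int refcount;
    unsigned uid;
    unsigned fsuid;
};

struct task {
    struct cred *cred;   /* the task's current credentials */
};

/* Take and drop a reference, as the kernel helpers of the same name do. */
static struct cred *get_cred(struct cred *c) { c->refcount++; return c; }
static void put_cred(struct cred *c) { if (--c->refcount == 0) free(c); }

/* Copy-on-write identity change: copy, modify the copy, swap the pointer. */
static struct cred *prepare_creds(const struct task *t) {
    struct cred *n = malloc(sizeof *n);
    if (!n) abort();
    *n = *t->cred;
    n->refcount = 1;
    return n;
}
static void commit_creds(struct task *t, struct cred *n) {
    struct cred *old = t->cred;
    t->cred = n;
    put_cred(old);   /* freed only once no snapshot still holds it */
}

/* Hypothetical hook run between two checks inside one "system call",
 * standing in for concurrent work such as another thread changing identity. */
typedef void (*midpoint_hook)(struct task *t);

/* Constructed concurrent event: the task drops from root to uid 1000. */
static void drop_to_uid_1000(struct task *t) {
    struct cred *n = prepare_creds(t);
    n->uid = n->fsuid = 1000;
    commit_creds(t, n);
}

/* Racy pattern: re-read the task's credential pointer at every check.
 * Returns 1 if both checks saw the same identity, 0 if they diverged. */
static int syscall_reread(struct task *t, midpoint_hook hook) {
    unsigned first = t->cred->fsuid;    /* e.g. check on a parent directory */
    hook(t);                            /* identity changes under our feet */
    unsigned second = t->cred->fsuid;   /* e.g. check on the final component */
    return first == second;
}

/* Coherent pattern: pin one reference at entry, use it for every check. */
static int syscall_snapshot(struct task *t, midpoint_hook hook) {
    struct cred *snap = get_cred(t->cred);
    unsigned first = snap->fsuid;
    hook(t);                            /* task->cred is swapped, snap is not */
    unsigned second = snap->fsuid;
    put_cred(snap);                     /* old cred released here, not earlier */
    return first == second;
}

/* Build a root task, run one of the two call styles against the privilege
 * drop, tear down, and report whether the call saw a consistent identity. */
static int run_demo(int use_snapshot) {
    struct cred *root = malloc(sizeof *root);
    if (!root) abort();
    root->refcount = 1;
    root->uid = root->fsuid = 0;
    struct task t = { root };

    int consistent = use_snapshot ? syscall_snapshot(&t, drop_to_uid_1000)
                                  : syscall_reread(&t, drop_to_uid_1000);
    put_cred(t.cred);
    return consistent;
}

int main(void) {
    printf("re-read at each check: consistent=%d\n", run_demo(0));
    printf("snapshot at entry:     consistent=%d\n", run_demo(1));
    return 0;
}
```

The refcount is what makes the snapshot safe as well as coherent: `commit_creds` drops the task's reference to the old object, but the call that took a snapshot still holds one, so the old credentials stay valid until that call finishes its last check and calls `put_cred`.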
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds