On 04/10/2014 10:37 PM, Andy Lutomirski wrote:
> It occurs to me that, before going nuts with these kinds of flags, it
> may pay to just try to fix the /proc/self/fd issue for real -- we
> could just make open("/proc/self/fd/3", O_RDWR) fail if fd 3 is
> read-only. That may be enough for the file sealing thing.
Increasing privilege on O_PATH descriptors via access through
/proc/self/fd is part of the userspace API. The same thing might be
true for O_RDONLY descriptors, but it's a bit less likely that there are
any users out there. In any case, I'm not sure it makes sense to plug
the O_RDONLY hole while leaving the O_PATH hole open.
--
Florian Weimer / Red Hat Product Security Team
