[PATCH 0/6] File Sealing & memfd_create()

2014-06-17 Thread Florian Weimer
sure it makes sense to plug the O_RDONLY hole while leaving the O_PATH hole open.
--
Florian Weimer / Red Hat Product Security Team

[PATCH 0/6] File Sealing & memfd_create()

2014-04-22 Thread Florian Weimer
On 04/22/2014 01:55 PM, David Herrmann wrote:
> Hi
>
> On Tue, Apr 22, 2014 at 11:10 AM, Florian Weimer
> wrote:
>> Ah. What do you recommend for recipient to recognize such descriptors?
>> Would they just try to seal them and reject them if this fails?
>
> This h

[PATCH 0/6] File Sealing & memfd_create()

2014-04-22 Thread Florian Weimer
On 04/09/2014 11:31 PM, David Herrmann wrote:
> On Tue, Apr 8, 2014 at 3:00 PM, Florian Weimer wrote:
>> How do you keep these promises on network and FUSE file systems?
>
> I don't. This is shmem only.

Ah. What do you recommend for recipient to recognize such descriptors

[PATCH 0/6] File Sealing & memfd_create()

2014-04-08 Thread Florian Weimer
ic primitive? Creating aliases of memory regions would be interesting for many things (not just libffi bypassing SELinux-enforced NX restrictions :-).
--
Florian Weimer / Red Hat Product Security Team