sure it makes sense to plug
the O_RDONLY hole while leaving the O_PATH hole open.
--
Florian Weimer / Red Hat Product Security Team
On 04/09/2014 11:31 PM, David Herrmann wrote:
> On Tue, Apr 8, 2014 at 3:00 PM, Florian Weimer wrote:
>> How do you keep these promises on network and FUSE file systems?
>
> I don't. This is shmem only.
Ah. What do you recommend for recipient to recognize such descriptors
On 04/22/2014 01:55 PM, David Herrmann wrote:
> Hi
>
> On Tue, Apr 22, 2014 at 11:10 AM, Florian Weimer
> wrote:
>> Ah. What do you recommend for recipient to recognize such descriptors?
>> Would they just try to seal them and reject them if this fails?
>
> This h
ic primitive?
Creating aliases of memory regions would be interesting for many things
(not just libffi bypassing SELinux-enforced NX restrictions :-).
--
Florian Weimer / Red Hat Product Security Team
