Re: How to tell whether a struct file is held by a process?

[Alan Stern]

On Thu, 21 May 2009, Kay Sievers wrote:

> Not sure, if we already discussed that with a conclusion: this
> "prevent access to a future device" interface needs to work at the pid
> level, or would a uid/gid check be sufficient?
> 
> Root can do all that stuff anyway, even with the locking in place.
> Uid/gid file permissions need to be applied to the "lock file", so
> specified non-root users can use that interface.
> 
> Maybe it would be good enough, to check that the one that opened the
> "lock file" has the same uid/gid as the on that tries to open the
> device when it has shown up?

I don't know; it depends on what people want.  Pantelis, would this be 
good enough for you?  That is, restrict the device either to programs 
having the same uid/gid or having the same pid as the process that 
opened the lock file?

(Note that the pid check alone isn't fully secure, since pid values get 
reused after a process ends.)

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/