Re: check capabilities in open()

From: Vasiliy Kulikov
Date: Mon Jul 26 2010 - 12:52:54 EST

Next message: Luis R. Rodriguez: "Re: BUG at arch/x86/mm/physaddr.c:5"
Previous message: Christoph Lameter: "Re: [PATCH] Tight check of pfn_valid on sparsemem - v4"
In reply to: Ted Ts'o: "Re: check capabilities in open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 26, 2010 at 07:23 -0400, Ted Ts'o wrote:
> The reason why the apm device needed to sample the suser() bit is that
> it can be opened by root and non-root processes, but it wanted to
> extend the Unix/Linux paradigm that privileges are tested at open()
> time.
Yes, it's exactly that I mean, check at open() time and grand high or
less priviledges.

>
> So this is a not a bug, but quite deliberately, by design.
If it is explicitly designed to check UID at open() time and to have 2
kinds of file descriptors - priviledged and nonpriviledged, I'm fine
with this.

I wanted kernel community to draw attention because this moment was
not obviously for me and I thought it was a design flaw. Now I'm pleased
with your explanation, thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luis R. Rodriguez: "Re: BUG at arch/x86/mm/physaddr.c:5"
Previous message: Christoph Lameter: "Re: [PATCH] Tight check of pfn_valid on sparsemem - v4"
In reply to: Ted Ts'o: "Re: check capabilities in open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]