Re: [patch 2/2] fs, proc: Introduce the /proc/<pid>/map_files/directory v12

[Pavel Machek]

Hi!

> > 
> > > This one behaves similarly to the /proc/<pid>/fd/ one - it contains symlinks
> > > one for each mapping with file, the name of a symlink is "vma->vm_start-vma->vm_end",
> > > the target is the file. Opening a symlink results in a file that point exactly
> > > to the same inode as them vma's one.
> > 
> > We should fully work through Pavel Machek's comments, please.  For some
> > reason I'm a bit paranoid about security lately :(
> 
> Pavel, I somehow lost. What exactly the security issue here? There are a few
> patches from Vasiliy in -mm queue at moment. In particular one includes
> .permission set for fd/ handling. So I've updated the map_files as well
> (it's below). So please review and point me where the problem
> is. Thanks!

AFAICT, this recreates existing problem with /proc/<pid>/fd (see
discussion at 

http://www.securityfocus.com/archive/1/507386/30/0/threaded

). It creates object that looks like symlink, but does not behave as
one, and permissions of directories are not checked as they would be
if it was a symlink.

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/