On Sat, 21 Aug 2010 10:09:00 +1000, Neil Brown <email@example.com> wrote:
Why would that be an issue ? Even though a hardlink can be created,
only process with right privileges can access them. One problem is;
being able to create hardlinks at different directory location as above
implies that there is no way to guarantee that the file got completely
removed from the system. Is this the security risk that you are pointing
a sys_handle_link that limits to CAP_DAC_READ_SEARCH is a nice compromise.
But that would imply once can guess the handle and create a hardlink to it.
struct file_handle already include the length.