by yencabulator
415 days ago
> io_uring just reduces the number of system calls required - but since it works on file descriptors, you must have already acquired the fd in the correct mode.

With the caveat that you can open files through io_uring requests, too: https://www.man7.org/linux/man-pages/man3/io_uring_prep_open...

And they might not have traditional FDs: https://lwn.net/Articles/863071/

But yes, it's bad security architecture (fail-open), not updated fast enough. The real answer is probably something more like Landlock, where it's the kernel's job to understand syscall semantics.