Date: Thu, 23 Apr 2015 11:48:58 -0700
Subject: Re: [GIT PULL] kdbus for 4.1-rc1
From: Linus Torvalds
To: Greg Kroah-Hartman
Cc: Andy Lutomirski, Andrew Morton, Arnd Bergmann, "Eric W. Biederman", One Thousand Gnomes, Tom Gundersen, Jiri Kosina, "linux-kernel@vger.kernel.org", Daniel Mack, David Herrmann, Djalal Harouni

On Thu, Apr 23, 2015 at 10:57 AM, Linus Torvalds wrote:
>
> Same goes for uid etc - if you are implementing a service daemon, the
> uid of the requester sure as hell makes a ton of difference in what
> you might want to expose. Things like "does this user have access
> rights to the printer?" are very natural questions to ask.

Hmm. Looking at the code, it strikes me that not only does
kdbus_meta_proc_collect() collect too much, but some of what it
collects it just seems to do *wrong*.

So I agree with collecting user and credential information (obviously
unlike some people ;), but I think the code that does it is just
wrong.

The way to collect user and credential information is very simple: you
look at "file->f_cred". That's _it_. Nothing more. Maybe you do
"get_cred(file->f_cred):" if you have lifetimes of this after the
"struct file" is gone.

But you don't copy the fields individually or willy-nilly. That
"struct cred" reference gets you all you need. It gets you the
supplementary groups. It gets you the capabilities. It gets you the
user and group id's. And equally importantly, it gets you the
namespace so that you can do conversions to random target namespaces
later, when you actually *use* the information.

There might be some question about whether you should use
"current->cred" or "file->f_cred", but the latter is almost always the
right thing to use when you are doing file operations. The unix
filesystem security model is about permissions at open time, not at
use time.

                   Linus
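
The open-time rule stated at the end of the message can be observed from userspace. The following is an added example, not code from the message or from the kernel tree; the function name and the temporary file path are made up for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper: opens a file, revokes every mode bit, then compares
 * I/O on the already-open descriptor with a fresh open() of the same path.
 * Returns 0 on success, -1 if the setup itself failed.
 */
int open_time_check_demo(int *fd_read_ok, int *reopen_errno)
{
    char path[] = "/tmp/fcred_demo_XXXXXX";   /* constructed sample path */
    char buf[16];
    int rc = -1, fd = -1, fd2;
    int tmp = mkstemp(path);                  /* created 0600, owned by us */

    if (tmp < 0)
        return -1;
    if (write(tmp, "secret\n", 7) != 7)
        goto out;
    fd = open(path, O_RDONLY);                /* permission check happens here */
    if (fd < 0 || chmod(path, 0) != 0)        /* then drop all mode bits */
        goto out;
    /* Use time: no new permission check, the open file keeps working. */
    *fd_read_ok = (read(fd, buf, sizeof(buf)) == 7);
    /* A new open() is checked against the current mode and credentials. */
    fd2 = open(path, O_RDONLY);
    *reopen_errno = (fd2 < 0) ? errno : 0;    /* EACCES unless CAP_DAC_OVERRIDE */
    if (fd2 >= 0)
        close(fd2);
    rc = 0;
out:
    if (fd >= 0)
        close(fd);
    close(tmp);
    unlink(path);
    return rc;
}

int main(void)
{
    int ok = 0, err = 0;
    int rc = open_time_check_demo(&ok, &err);
    printf("read via old fd: %s, fresh open errno: %d\n", ok ? "ok" : "failed", err);
    return rc ? 1 : 0;
}
```

Run as an unprivileged user, the read through the old descriptor succeeds while the fresh open() fails with EACCES; a process holding CAP_DAC_OVERRIDE (typically root) passes both.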