Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932216AbbD0Fia (ORCPT ); Mon, 27 Apr 2015 01:38:30 -0400 Received: from ns.horizon.com ([71.41.210.147]:34157 "HELO ns.horizon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1752119AbbD0Fi0 (ORCPT ); Mon, 27 Apr 2015 01:38:26 -0400 Date: 27 Apr 2015 01:38:23 -0400 Message-ID: <20150427053823.9847.qmail@ns.horizon.com> From: "George Spelvin" To: luto@amcaptial.net, torvalds@linux-foundation.org Subject: Re: Sharing credentials in general (Re: [GIT PULL] kdbus for 4.1-rc1) Cc: linux@horizon.com, linux-kernel@vger.kernel.org Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1437 Lines: 33 Linus wrote: > It would be insane to say that the open system call should have an > explicit argument saying that the vfs layer should take your privileges > into account. On the contrary, it would be a big improvement on the current interface. To be clearer, it would be great if the open system call took an explicit argument saying *which* privileges it should take into account. All that screwing around with uid, euid and fsuid and crap would be a lot simpler if it was explicit in the open() call which permissions were desired. In my "If I had a time machine and could go back and talk to Ken & Dennis" fantasy, there would be no open(), only openat(), and the permissions would be associated with the dirfd. In addition to the now-current standard three fds, there would be additional ones for root and cwd. And, in a setuid program, a separate set for effective uids. So openat(fd, path, flags) would use the real or effective permissions depending on which fd was in use. A process could drop permissions by closing the associated fd. Etc. (And a program which was written without setuid awareness would only use the real-uid dirfds, and the setuidness would do nothing.) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/