Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1758860AbcDHTF6 (ORCPT ); Fri, 8 Apr 2016 15:05:58 -0400
Received: from mail-ig0-f196.google.com ([209.85.213.196]:34005 "EHLO
        mail-ig0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754306AbcDHTF5 (ORCPT );
        Fri, 8 Apr 2016 15:05:57 -0400
MIME-Version: 1.0
In-Reply-To: <87twjcorwg.fsf@x220.int.ebiederm.org>
References: <878u0s3orx.fsf_-_@x220.int.ebiederm.org>
        <1459819769-30387-1-git-send-email-ebiederm@xmission.com>
        <87twjcorwg.fsf@x220.int.ebiederm.org>
Date: Fri, 8 Apr 2016 12:05:56 -0700
X-Google-Sender-Auth: H8Tl6iNL2dkzH0ZznxWZctqmJ3c
Message-ID:
Subject: Re: [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup
From: Linus Torvalds
To: "Eric W. Biederman"
Cc: "H. Peter Anvin" , Peter Hurley , Greg KH , Jiri Slaby ,
        Aurelien Jarno , Andy Lutomirski , Florian Weimer , Al Viro ,
        Serge Hallyn , Jann Horn , "security@kernel.org" ,
        "security@ubuntu.com >> security" , security@debian.org,
        Willy Tarreau , Linux Kernel Mailing List
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 794
Lines: 19

On Fri, Apr 8, 2016 at 11:51 AM, Eric W. Biederman wrote:
>
> Given that concern under the rule we don't break userspace we have to
> check the permissions of /dev/pts/ptmx when we are creating a new pty,
> on an instance of devpts that was created with newinstance.

The rule is that we don't break existing installations.

If somebody has root and installs a "ptmx" node in an existing mount
space next to a pts subdirectory, that's not a security issue, nor is
it going to break any existing installation.

The whole point of the patch is that yes, we change semantics. A
change of semantics means that people will see situations where the
behavior is different.

But that's not "breaking user space", that's just "ok, you can see a
difference".

        Linus