Received: by 10.223.185.116 with SMTP id b49csp1052331wrg; Wed, 21 Feb 2018 11:14:22 -0800 (PST) X-Google-Smtp-Source: AH8x226ZXacMAZhKiWwyEAZPMv3lFzVCiTk5eomVK2Y9B8w4QDrCL7SLEEKOwBMELS3uYDMlMZPv X-Received: by 2002:a17:902:9885:: with SMTP id s5-v6mr4135457plp.400.1519240462136; Wed, 21 Feb 2018 11:14:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519240462; cv=none; d=google.com; s=arc-20160816; b=nJglESiKt9naloUmZlgAOYmlEliCjTgV7IHXkwAmanOovn+pI1h97wRXOLQgkPh4nx bBaXuKDdexhoUmqAmYicRlhjZFAXDymV4kyRQrwWbw1O2e7AmSj4Fniemo+odqZjkeI0 JKA3mVva06tE54prruzHxJjbGHV6E6KYtShtTQ/Zgkr0zNLrmNkuvq+YMnd6NLKVhj3Z zbPHBwqb4zQpKLhuZOHEMmJsaAyJ+dY4MLQWzaSu4k2EzOjTk2fOACMdoRuyDgc3nfHE GMl5+vDo++XwLbed42H8+yv6TavY/GLyg7i7Sd1rWUcNNFo61T6Dzah3fkZOcmrJSFks BE+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=RVuCt1ReWZtxUX6k8trpJY5rxHBJDPmlITKKJHXdf4E=; b=Jp85DXr0fkMI4vcyoVaoRtXy2Qyj989p+pSsYEsXpzn7TbZIuAJ5VkS+HrwO1xoPCu 7wvrDwP1fBAd3lCN1QyFRK63qhL3Y6yBulF2nGmemtF/+Z41IS7Gsc+15xVPQ/e4gVwq LqshD5mQMForB2iqp8QRQxlrbflzH1qe1xcVYODzl1//8C4ej5sDVu77ZPnit6hVkbsY HYCm9RweWqZO24AGdV6PMho2pGuYaRNpC/QfLTw8+lFxC8cEczbauBR4rVtN+8ZHIzvl 9EcjvSviLuAQGlHtyJfDYLqu92QHERHGsOrrlEqBa7fMBSb0dDx3y2zX1aY8ixS1RYXg BoEg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14si2112786pgn.306.2018.02.21.11.14.07; Wed, 21 Feb 2018 11:14:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751882AbeBUSVV (ORCPT + 99 others); Wed, 21 Feb 2018 13:21:21 -0500 Received: from mga12.intel.com ([192.55.52.136]:25386 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751734AbeBUSVT (ORCPT ); Wed, 21 Feb 2018 13:21:19 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Feb 2018 10:21:19 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.47,375,1515484800"; d="scan'208";a="202749398" Received: from tassilo.jf.intel.com (HELO tassilo.localdomain) ([10.7.201.35]) by orsmga005.jf.intel.com with ESMTP; 21 Feb 2018 10:21:18 -0800 Received: by tassilo.localdomain (Postfix, from userid 1000) id 67313301B54; Wed, 21 Feb 2018 10:21:04 -0800 (PST) Date: Wed, 21 Feb 2018 10:21:04 -0800 From: Andi Kleen To: Linus Torvalds Cc: Ard Biesheuvel , "Luck, Tony" , Joe Konno , "linux-efi@vger.kernel.org" , Linux Kernel Mailing List , Matthew Garrett , Jeremy Kerr , Matthew Garrett , Peter Jones , Andy Lutomirski , James Bottomley Subject: Re: [PATCH 1/2] fs/efivarfs: restrict inode permissions Message-ID: <20180221182104.GI3231@tassilo.jf.intel.com> References: <20180215182208.35003-2-joe.konno@linux.intel.com> <6680a760-eb30-4daf-2dad-a9628f1c15a8@kernel.org> <20180220211849.fqjb6rdmypl6opir@agluck-desk> <20180220233008.55rfm7zw62hrao5p@agluck-desk> <3908561D78D1C84285E8C5FCA982C28F7B37DE1B@ORSMSX110.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > But it should be fairly easy to just add a 'struct ratelimit_state' to > 'struct user_struct', and then you can easily just use > > '&file->f_cred->user->ratelimit' > > and you're done. Make sure the initial root user has it unlimited, and > limit it to something reasonable for all other user allocations. How about uid name spaces? Someone untrusted in a container could create a lot of uids and switch between them. A global rate limit seems better. While in theory it allows DoS it's probably not worse than a lot of others we have with other resources, and it's relatively harmless. -Andi