Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp34687imm; Thu, 12 Jul 2018 13:36:52 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc69ZsS0qfs30dCALPmpbLFpTv4/bodS4rmToiL4OnN5f3+2BwDXInvoZYBkq/AFwe/zB72 X-Received: by 2002:a63:91c8:: with SMTP id l191-v6mr3347398pge.180.1531427812163; Thu, 12 Jul 2018 13:36:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531427812; cv=none; d=google.com; s=arc-20160816; b=sI949TXJ1v1WC/OzbHtA+z9oadTjZ1o+mfuSEEz4licVH+qCLwkWRkN6ZOcWmNX1/0 CTo4SYEMPbEtwRiXPJLvYPKs4GkuCAlxTCHhZbHU2xaa5+mmSoCKD9ipAA64beicwNUi yGzMyZQptsmmEJhH9SWQlUU7L600mK+8TDcpt8pNLz4FVekV4+03iMqNXA87GV11lh/H avAmYcJYeGgMC5Py5kn6ltML/KQ53YkEnW8B5SiALqdjLmCGWFOa1OF+h7XJZmzQsHkt VYyjyZi6pK972sPvkUsXXnMZbZnlwajAr/6V+eoQT87Wo7QSBfR0TAHRcJflbV+SvFjk DV4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=05Aiq0Kf6T/X33YBNKlI0zJhPSuRJ+K7UU2Ba1x3VDQ=; b=EXx5sI6liHnYHPc+5u7BS0wbGnq/Bg0YVo3Lf4mDQWVfi0C1duklhXEfhZqQI8fk8v uWUZ1SrfcayofhNddfaCsnl24pA9vChQlrRpH5AfOWIxlPME/Gl92luYYPerq0+LpjWq Na02jzpJBf9Pm7t/rFdPjHbt+RsUYjzdglga6fY437QRZTFozwMuzvKwwBMcmUXUjNZo dClWuYrLhYGxN2RRCuDjhlNlCWagn4sGhhbEAsPpOOTFmQ/uq5qy31hBTc3Ccyugwrno c3R3tPab/APayJY86qBssY8tAp8Hb5s04JD9z01Z3weP8/frB2ayZTtT4P8w/6eu55q1 cHig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=DwVBxvjB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f27-v6si24750959pfk.107.2018.07.12.13.36.37; Thu, 12 Jul 2018 13:36:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=DwVBxvjB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732613AbeGLUqG (ORCPT + 99 others); Thu, 12 Jul 2018 16:46:06 -0400 Received: from mail-it0-f65.google.com ([209.85.214.65]:35407 "EHLO mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732461AbeGLUqG (ORCPT ); Thu, 12 Jul 2018 16:46:06 -0400 Received: by mail-it0-f65.google.com with SMTP id l16-v6so8614891ita.0; Thu, 12 Jul 2018 13:34:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=05Aiq0Kf6T/X33YBNKlI0zJhPSuRJ+K7UU2Ba1x3VDQ=; b=DwVBxvjBcQALo09PAkfelrEKTsQcVY1ewbJsWceC5AjSIcwcYVPkVtWrQNRqd2HZx5 UNltbN9jfH48INC2Gakivm4BmTPF4Mm61e5fZ7UJy5/qomXduzk2Nh/bqy4FOUT9Lw8Y qisd236fPeAyadINkrNKclblgUkvL9LimBtFo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=05Aiq0Kf6T/X33YBNKlI0zJhPSuRJ+K7UU2Ba1x3VDQ=; b=B57+Co9riGuiFDvBeB1SmA1aQdT/580PbGNHTTay0ngtHI4Xd+Ld2iRZyjgplrs0Nc PTNwwlSAxXYmSyR7W2UxZanD9cueaYC0VW6gVRrYqTVn2YN2QDdjLD335CdQOJ1uVYv5 mz4+ITRjiPQCpyT0ymVlxMmNljN43Wl/Eu3NGuqw20jcah2E+Ze/1YOZXUpvrSE8v4HX kgtbJ7aBylgGvvl2338B97M6nI5gWZ3U2WYElgxAtPxjVe/VCO4GP7ZwDe6ATNOSrJ8/ 5deXrZ7F9rWmFpLTbmwvpHnDPjRdfGk1yEvR4O5Ctl7KgT5EZfY6PG+KRB2CfZ9XhDzc Eryw== X-Gm-Message-State: AOUpUlHoQeB4rca6zGu6pz6vAwL/m5x0Fuas2vrHrabdZ8nYiS5SXAsK Sq5Wpsr4sTVCDifMpIHOL0700aIwTwFxYXmuKQCjiA== X-Received: by 2002:a24:d0d7:: with SMTP id m206-v6mr2518873itg.1.1531427694109; Thu, 12 Jul 2018 13:34:54 -0700 (PDT) MIME-Version: 1.0 References: <153126248868.14533.9751473662727327569.stgit@warthog.procyon.org.uk> <153126264966.14533.3388004240803696769.stgit@warthog.procyon.org.uk> <686E805C-81F3-43D0-A096-50C644C57EE3@amacapital.net> <22370.1531293761@warthog.procyon.org.uk> <7002.1531407244@warthog.procyon.org.uk> <16699.1531426991@warthog.procyon.org.uk> In-Reply-To: <16699.1531426991@warthog.procyon.org.uk> From: Linus Torvalds Date: Thu, 12 Jul 2018 13:34:42 -0700 Message-ID: Subject: Re: [PATCH 24/32] vfs: syscall: Add fsopen() to prepare for superblock creation [ver #9] To: David Howells Cc: Andrew Lutomirski , Al Viro , Linux API , linux-fsdevel , Linux Kernel Mailing List , Jann Horn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 12, 2018 at 1:23 PM David Howells wrote: > > It's all very well to say "use file->f_creds". The problem is this has to be > handed down all the way through the filesystem and down into the block layer > as appropriate to anywhere there's an LSM call, a CAP_* check or a pathwalk - > but there's not currently any way to do that. .. and the reason is simple: you damn well shouldn't do that. The unix semantics are that credentials are checked at open time. If your interface involves checking credentials at write() time, your interface is garbage shit. Really. This is the whole "write() is only for data". If you ever have credentials mattering at write time, you're doing something wrong. Really really. Don't do it. Linus