Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1074683imm; Wed, 18 Jul 2018 16:17:58 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdzySDkBvmToX//yAcaxdh9I7/rlryNusmxgVs6+n7X6sl2kbq7wvZjOlrEl7NfrchHCSZw X-Received: by 2002:a62:d544:: with SMTP id d65-v6mr7012845pfg.107.1531955878169; Wed, 18 Jul 2018 16:17:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531955878; cv=none; d=google.com; s=arc-20160816; b=1A6Fstfu5aVB44WBwLoTqKZMUHABWtwepxBwiXMtbQcInQPxFts+HWQWZyB36GVvKr XWKkoCFyduFQ6oh3fkq4e4fygOyItddTzTh/hI6LpvdavBFc5r0HO8ziTHr0+WQJyxtc hhj6RmUIjX96HbLLAJqP65XL8sqR8ets6n5jDImwppvkDhlEXJbGZKXtGhpf3QkDRE4h M/aVcViUe2R0mp5tgRUhPsA4sWjrV/Q1fZbyrBDeYxz55tF+6xSy7x8p0J+d5SKjqdFz Y4gHXCVQB1LHnePyhAET+BCbWVBQdYyynfckeUuKBLg5FOmq2bmlHl45G6d06yi+WRgZ Vg9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=0VGnjQVyiEIv3D4SrVZwD74LjjQdW4ZKDWRDwDJnmdM=; b=f5RpfexyyZDRQbLytPirJJOzprxSJ6SB9E7szTKFzfvJp7vM+PEZjrBN1U+AN3H+qX he0ewo14up9Gc48Q39g4w7oPArWptkpkkd2G9xLWWtLrEk/9i39x9AqYpcDGilOEmm8X 2pJidEU3bX44HslkuashDl9s/TkQ16FY3KJtULPtNmTXxH37DuzVfpaO595ke1aQW+vB ZjWl6jSgMACgnUP8vVp05gUrcNX9SA6gkxlpSHYjYWh4r70EzB7/y/MlMButuAydjDOW OL0LzZwfhVfYcqkLH7WdPTjoubz8XYAu80mAKi63qsZcg1mtGaQfawCXKs6m+bQ6zRaB 04jA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b="b1fn/UD4"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e36-v6si4263321pge.507.2018.07.18.16.17.43; Wed, 18 Jul 2018 16:17:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b="b1fn/UD4"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730693AbeGRX5W (ORCPT + 99 others); Wed, 18 Jul 2018 19:57:22 -0400 Received: from mail-io0-f196.google.com ([209.85.223.196]:46777 "EHLO mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729972AbeGRX5W (ORCPT ); Wed, 18 Jul 2018 19:57:22 -0400 Received: by mail-io0-f196.google.com with SMTP id i18-v6so5521616ioj.13; Wed, 18 Jul 2018 16:17:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0VGnjQVyiEIv3D4SrVZwD74LjjQdW4ZKDWRDwDJnmdM=; b=b1fn/UD4WUAGhPLG5V6j2jLGSqXpG6jOFcUAa8TAIlcWFqFGoZH0Oo37Fc7iVIfmfd 9tPZEq2Nf34fElrdWw6zqoaV7lKriQPax2SQcvuWw8evmSDfZmkrApLUUH3bOYN8NJv4 O/Uxa+ZxmJwi3Oie/tCXHykGNDKzOoHDrHAGA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0VGnjQVyiEIv3D4SrVZwD74LjjQdW4ZKDWRDwDJnmdM=; b=RElElHdudS8wEYJA0BNoHghoG1SczQ3Hd7C8mT3W7rifgqFvryD0k1UkkTMFgqaTRW t1c1RGPKbW/vLLoQ8DuGN/7mQJL4wwWDgOovhG8Jsq+Pp5nojGods1hf/3n0mJXo5bkP XelCAgiBXba8YoaM+x5CzK67iSaV1DfxHGHupdpya5w6fyYKtMWO9DYOHvUKTwJgPojz twPU17av2ax1Q6wW/ultpGvoJ/zOkXslY0YwtmfsPWebK6Y2PD97e7YkXqRtesR9XPua VEBf+UIC/6UiS7An38tFwdMO7nLtmVxu4uZO80D4iLF5Hh23fa/Od7sEzgMOUrtxDb2/ tQmQ== X-Gm-Message-State: AOUpUlGhVxJAiHwy2AYe0SdERlgCVuHiO4OiZM9TbDc/8e/uqqpaDGEc FswABEwy2oo6OX9yh0meBzMeAujxlYFOXIF7hpU= X-Received: by 2002:a6b:1502:: with SMTP id 2-v6mr7080602iov.203.1531955830887; Wed, 18 Jul 2018 16:17:10 -0700 (PDT) MIME-Version: 1.0 References: <20180718025636.GA26175@ZenIV.linux.org.uk> <20180718132955.2bf185b7@canb.auug.org.au> <20180718124340.GS30522@ZenIV.linux.org.uk> <20180718181252.GU30522@ZenIV.linux.org.uk> <20180718194637.GV30522@ZenIV.linux.org.uk> <20180718200411.GW30522@ZenIV.linux.org.uk> <15538.1531949263@warthog.procyon.org.uk> In-Reply-To: <15538.1531949263@warthog.procyon.org.uk> From: Linus Torvalds Date: Wed, 18 Jul 2018 16:16:59 -0700 Message-ID: Subject: Re: [RFC] call_with_creds() To: David Howells Cc: Al Viro , Miklos Szeredi , Stephen Rothwell , linux-fsdevel , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 18, 2018 at 2:27 PM David Howells wrote: > > As I may have said, I have tried modifying the kernel to pass the cred pointer > down. It should always be there in the 'struct file *'. Now, we may have some broken stuff that passes only inodes down, but they probably really should be fixed. > The drivers and ioctl() implementations are/were particularly nasty in > this respect. So many of them were doing checks against the current thread, > not f_cred. So ioctl() may be ok, simply because at least you shouldn't be able to fool suid programs to do ioctl's on untrusted file descriptors. So using current_cred() is still technically very wrong, but it's probably not a huge problem in practice. Now, if there's some cachefs kind of "do ioctl at the behest of somebody else", then *that* would be a problem. I'm hoping there isn't. Linus