Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp847100img; Thu, 21 Mar 2019 10:09:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqz8N4zLczg7vVRLPIUO2mhaK1FCYT6C4w6eZDrqM1Xw4R2u7Jub5NpgFW4HW5ZzGDNzIu5O X-Received: by 2002:a17:902:2865:: with SMTP id e92mr4696644plb.312.1553188180130; Thu, 21 Mar 2019 10:09:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553188180; cv=none; d=google.com; s=arc-20160816; b=FlqOtM9B/yaiD4GEAPjF/EEzBSiM06HtJ+LmjnBbrWInN/FH0UGJWHGMV7cRFIzb8E JdQ42f/UVIo+Ws55huVPgVVOmejmqRiKYTFCcuwXBURibd/kfXr2ShoS/8wM2MTARd2a 0dQOvLvDMxFAusWoFZCJE42cJzQVgGfYKc5SgaLPNnphoZYzQfn8oV5WlcPEFBOP6jhK JtsfE9tzX/DQFa2BEh592SYQR8orYpJwQkCnEzBmdrZ+yx+5qL0d/1YMyL4aZMxekh25 DJZATjjJTUT2lUMmJ88TLSaudDqy1sCuXsCBBoH7z1RuXchTd8juQ2V8oOEmZpF1g7fe qb9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=e+FCWTWHX0vR8yvdKarep4kcEopm0A/NeoC17R3vJ3c=; b=HI/tdPGsPNGWB0nMck5QxnappW/LBtDKezMqFrC0Ny/1M/rojCN4b8asbSAjWgaoMX 8SOmDgl2x429u0WA/HTLkKMK/9oR/3iK8AsNcxVwRhyDc1lgg2u2srgOs5jFqO326UWm Thb8BBN4B+wFpZ0WU2c8LRs2LEuPiru0dP+RL4Rj3N3h7q9h/VOjT1glvn3XBo/3WHzD 3qN6pc6w4fmovEkt9jVQXg2qXcCxEuVEGVX8o42yV9XRDR4kFmcjSitYd3ZLNJmLVKxf Sxr7R+qj895KIUoxt8Wg8Ypp9Pv4A9z/zUKdg0V1DDEqLGPfiwyYJJMkRYKQlAuMKmTF +9OA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LOOWJuBy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h2si4522641pfn.77.2019.03.21.10.09.23; Thu, 21 Mar 2019 10:09:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LOOWJuBy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728623AbfCURGy (ORCPT + 99 others); Thu, 21 Mar 2019 13:06:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:45436 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728480AbfCURGx (ORCPT ); Thu, 21 Mar 2019 13:06:53 -0400 Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6A81921902 for ; Thu, 21 Mar 2019 17:06:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553188012; bh=Z0TElPGWZSWlaikZLt8SCY2ee3JnG2HgbznQh5bPGA4=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=LOOWJuByXdD8b1+jaFaSyr2zkkWalCl3ge3GcdiEL7xQhxqFstxkD3iPS5oivvNwv fXk7botuCK+0WuBs1LpokFKGPVRJyzjSCtkieDm7ekaZBH6QL5NcHPnwJvbrZPlg5y cf8jq5Ru86+dYbkwriWjrXA3+kdpKbhGC5HnJoSE= Received: by mail-wm1-f53.google.com with SMTP id z6so2487275wmi.0 for ; Thu, 21 Mar 2019 10:06:52 -0700 (PDT) X-Gm-Message-State: APjAAAWtLtuUum5KfL9ACsplMVryV1Qxw7y8+nXH31DQZ2ezyjXFH9Xc mYORueWPCkY5stwCGBViEiBaJruCkchTA2kNmVWZEQ== X-Received: by 2002:a1c:4d12:: with SMTP id o18mr217890wmh.74.1553188009218; Thu, 21 Mar 2019 10:06:49 -0700 (PDT) MIME-Version: 1.0 References: <20190320143717.2523-1-cyphar@cyphar.com> In-Reply-To: <20190320143717.2523-1-cyphar@cyphar.com> From: Andy Lutomirski Date: Thu, 21 Mar 2019 10:06:38 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH RESEND v5 0/5] namei: vfs flags to restrict path resolution To: Aleksa Sarai Cc: Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Eric Biederman , Andy Lutomirski , Jann Horn , Christian Brauner , David Drysdale , Tycho Andersen , Kees Cook , Linux Containers , Linux FS Devel , Linux API , Andrew Morton , Alexei Starovoitov , Chanho Min , Oleg Nesterov , Aleksa Sarai , Linus Torvalds , LKML , linux-arch Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 20, 2019 at 7:38 AM Aleksa Sarai wrote: > > Now that the holiday break is over, it's time to re-send this patch > series (with a few additions, due to new information we got from > CVE-2019-5736 -- which this patchset mostly protected against but had > some holes with regards to #!-style scripts). I generally like this, but, as Linus pointed out, it will be unfortunate if application authors see this as just another non-portable weird Linux API and don't use it. Would it be worthwhile to put some thought into making it an API that other OSes might be willing to implement? As it stands, the openat(2) flags are getting rather crazy in this patch set. Aleksa had a resolveat(2) proposal that really didn't seem too bad.