From: Linus Torvalds
Date: Sun, 31 Mar 2019 15:16:47 -0700
Subject: Re: [PATCH v2 0/5] pid: add pidfd_open()
To: Christian Brauner
Cc: Andy Lutomirski, Daniel Colascione, Jann Horn, Andrew Lutomirski, David Howells, "Serge E. Hallyn", Linux API, Linux List Kernel Mailing, Arnd Bergmann, "Eric W. Biederman", Konstantin Khlebnikov, Kees Cook, Alexey Dobriyan, Thomas Gleixner, Michael Kerrisk-manpages, Jonathan Kowalski, "Dmitry V. Levin", Andrew Morton, Oleg Nesterov, Nagarathnam Muthusamy, Aleksa Sarai, Al Viro, Joel Fernandes
In-Reply-To: <20190331220259.qntxynluk765hpnt@brauner.io>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Mar 31, 2019 at 3:03 PM Christian Brauner wrote:
>
> Thanks for the input. The problem Jann and I saw with this is that it
> would be awkward to have the kernel open a file in some procfs instance,
> since then userspace would have to specify which procfs instance the fd
> should come from.

I would actually suggest we just make the rules be that the
pidfd_open() always return the internal /proc entry regardless of any
mount-point (or any "hidepid") but also suggest that exactly *because*
it gives you visibility into the target pid, you'd basically require
the strictest kind of control of the process you're trying to get the
pidfd of.

Ie likely something along the lines of

    ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS)

kind of requirements.

But honestly, just how much do you need pidfd_open()?

If this is purely because somebody goes "oh, ASCII is expensive", then
just stop doing it entirely. It's not. It's fine. Going through a
filesystem is a *good* thing, exactly because it allows MIS to control
it.

So it's entirely possible that the right answer is: "just open
/proc//", and accept the fact that everybody has it anyway, and people
who don't have it don't get the new functionality (with the possible
exception of clone(CLONE_PIDFD), which only gives you access to a
child you created yourself).

Linus
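
The "just open the process's /proc directory" approach from the message above, as an added userspace example that is not part of the original message or of any kernel patch. It opens the directory as a handle, so access is decided by the mounted procfs and its options, and shows that the handle stops resolving once that process is reaped. The function names and the choice of the "stat" entry as the probe are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open the procfs directory of `pid` as a process handle. This goes through
 * ordinary filesystem lookup, so a hidden or absent entry yields -1. */
int proc_handle_open(pid_t pid)
{
    char path[32];
    snprintf(path, sizeof(path), "/proc/%d", (int)pid);
    return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* 1 while the process the handle was opened on still exists, 0 once it is gone. */
int proc_handle_alive(int dirfd)
{
    int fd = openat(dirfd, "stat", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* Constructed scenario: fork a child, take a handle on it, probe the handle
 * before and after the child is killed and reaped. Returns (before<<1)|after. */
int demo(void)
{
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { pause(); _exit(0); }
    int h = proc_handle_open(child);
    int before = h >= 0 && proc_handle_alive(h);
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);        /* reap: the procfs entry goes away */
    int after = h >= 0 && proc_handle_alive(h);
    if (h >= 0) close(h);
    return h < 0 ? -1 : (before << 1) | after;
}

int main(void)
{
    printf("before/after bits: %d\n", demo());
    return 0;
}
```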