Date: Tue, 23 Apr 2019 22:24:06 +0200
From: Christian Brauner
To: Kees Cook, Al Viro
Cc: Aleksa Sarai, Andy Lutomirski, Al Viro, Jeff Layton, "J. Bruce Fields",
    Arnd Bergmann, David Howells, Eric Biederman, Jann Horn, David Drysdale,
    Tycho Andersen, Linux Containers, Linux FS Devel, Linux API,
    Andrew Morton, Alexei Starovoitov, Chanho Min, Oleg Nesterov,
    Aleksa Sarai, Linus Torvalds, LKML, linux-arch
Subject: Re: [PATCH RESEND v5 0/5] namei: vfs flags to restrict path resolution
Message-ID: <20190423202405.wzs7lkjqgrlzwyu5@brauner.io>
References: <20190320143717.2523-1-cyphar@cyphar.com> <20190325130429.dbrgjxnvq3w5cpb3@yavin>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 23, 2019 at 01:13:52PM -0700, Kees Cook wrote:
> On Mon, Mar 25, 2019 at 6:05 AM Aleksa Sarai wrote:
> >
> > On 2019-03-21, Andy Lutomirski wrote:
> > > On Wed, Mar 20, 2019 at 7:38 AM Aleksa Sarai wrote:
> > > > Now that the holiday break is over, it's time to re-send this patch
> > > > series (with a few additions, due to new information we got from
> > > > CVE-2019-5736 -- which this patchset mostly protected against but had
> > > > some holes with regards to #!-style scripts).
> > >
> > > I generally like this, but, as Linus pointed out, it will be
> > > unfortunate if application authors see this as just another
> > > non-portable weird Linux API and don't use it. Would it be worthwhile
> > > to put some thought into making it an API that other OSes might be
> > > willing to implement? As it stands, the openat(2) flags are getting
> > > rather crazy in this patch set.
>
> I think many of the issues are specific to Linux (and Linux containers
> especially), so I'm not sure this should get blocked because we want
> something more portable.
>
> This series provides solutions to so many different race and confusion
> issues, I'd really like to see it land. What's the next step here? Is
> this planned to go directly to Linus for v5.2, or is it going to live
> in -mm for a while? I'd really like to see this moving forward.

Yeah, it would be good to move this forward. But since this is pretty
much core-vfs we really need Al to take a look at this.

Christian