From: Andy Lutomirski
Date: Wed, 22 May 2019 10:01:17 -0700
Subject: Re: [PATCH RFC v8 01/10] namei: obey trailing magic-link DAC permissions
To: Aleksa Sarai
Cc: Al Viro, Jeff Layton, "J. Bruce Fields", Arnd Bergmann, David Howells, Shuah Khan, Shuah Khan, Andy Lutomirski, Christian Brauner, Eric Biederman, Andrew Morton, Alexei Starovoitov, Kees Cook, Jann Horn, Tycho Andersen, David Drysdale, Chanho Min, Oleg Nesterov, Aleksa Sarai, Linus Torvalds, Linux Containers, "open list:KERNEL SELFTEST FRAMEWORK", Linux FS Devel, Linux API, LKML, linux-arch

On Mon, May 20, 2019 at 6:34 AM Aleksa Sarai wrote:
> One final exception is given, which is that non-O_PATH file descriptors
> are given re-open rights equivalent to the permissions available at
> open-time. This allows for O_RDONLY file descriptors to be re-opened
> O_RDWR as long as the user had MAY_WRITE access at the time of opening
> the O_RDONLY descriptor. This is necessary to avoid breaking userspace
> (some of the kernel's own selftests depended on this "feature").

Can you clarify this exception a bit? I'd like to make sure it's not
such a huge exception that it invalidates the whole point of the
patch.

If you open a file for execute, by actually exec()ing it or by using
something like the proposed O_MAYEXEC, and you have inode_permission
to write, do you still end up with FMODE_PATH_WRITE? The code looks
like it does, and this seems like it might be a mistake.

Is there any way for user code to read out these new file mode bits?

What are actual examples of uses for this exception? Breaking
selftests is not, in and of itself, a huge problem.
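
The re-open that the quoted paragraph refers to, shown on an unmodified kernel as an added example (not code from the patch series or from anyone in this thread): an O_RDONLY descriptor is re-opened O_RDWR through its /proc/self/fd magic link. The function names and the temp-file path are assumptions of this example, and it assumes /proc is mounted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Re-open an existing descriptor through its /proc/self/fd magic link.
 * Returns the new descriptor, or -1 with errno set. */
static int reopen_fd(int fd, int flags)
{
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    return open(link, flags | O_CLOEXEC);
}

/* Returns 1 if an O_RDONLY descriptor was upgraded to O_RDWR and the write
 * reached the file, 0 if the upgrade was refused, -1 on setup error (for
 * example /proc not mounted). The temp-file path is constructed. */
int demo_readonly_upgrade(void)
{
    char path[] = "/tmp/reopen-demo-XXXXXX";
    char buf[8] = {0};
    int ro, rw, result = -1;
    int tmp = mkstemp(path);            /* mode 0600, owned by the caller */

    if (tmp < 0)
        return -1;
    close(tmp);
    ro = open(path, O_RDONLY | O_CLOEXEC);
    if (ro < 0) { unlink(path); return -1; }
    if (access("/proc/self/fd", X_OK) != 0) goto out;
    if (write(ro, "x", 1) != -1) goto out;   /* ro really is read-only */

    rw = reopen_fd(ro, O_RDWR);              /* permission re-checked here */
    if (rw < 0) { result = 0; goto out; }
    if (write(rw, "hello", 5) == 5 && pread(ro, buf, 5, 0) == 5 &&
        memcmp(buf, "hello", 5) == 0)
        result = 1;                          /* same file, now writable */
    close(rw);
out:
    close(ro);
    unlink(path);
    return result;
}

int main(void)
{
    printf("upgrade result: %d\n", demo_readonly_upgrade());
    return 0;
}
```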