Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp168614pxf;
        Tue, 30 Mar 2021 23:35:50 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy5MYfgVAxzhYj08F9rKYQcABqEOSUlrO2ywvabGg5JoECVzjPnVNh5vexqvw6UoVySwPJh
X-Received: by 2002:a05:6402:26d3:: with SMTP id x19mr1731499edd.349.1617172550739;
        Tue, 30 Mar 2021 23:35:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617172550; cv=none;
        d=google.com; s=arc-20160816;
        b=g0p03VAGIJBvF7z+OvMqDaxObfwFJj30KUwJ4sWkq1hAzHHAD3H7lmBBGu5qe4F0+C
         YHZDTJOgTAUqZ1bYZyMrpsLPi5YJqxmEgnyvX4rIgrpD+XiDEKIKwqFtd9YdURvIgkBk
         uuEfpQBGH2hyXxxtU2lC7gWqws7ZUtQAMTe8MvhY7WtJFJ03hDluXVCqDHBacQXgBX0k
         dKPONQsXE2jIbBzIaeMMze/xUIMP6ieYBz0POnHQnDQLtECPNO1IRJKOM843BXuhQkT1
         EpJvRFa05KUXCbbmyFm/DNbnZE3NMbn/lY5d1BaSnxpRHL4ihQhhEwV++xwNmZ+2qnFO
         qPmg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=x7E1wex7Rgk6NTF0qxG5fAUgQOw2qDroxwl1+zJ5Mho=;
        b=CPNlzZSRF2y6qG3fuAMGirOrDeg/YfWpXWwdISH6uQmKBnoRzI7t0ABK75y5VnknqO
         9kJ/g8RcipKhOJd0pF5sWsmCgnbXHehWoOGHC2pBDiDMBg+e8f4XhIojyJLRGMye1g2D
         XaFeRwbToHoDZsBFw2IMgX3sy9VZfkO841whfwj3WTL5k0OJ5mW0bBoz1XjSiRAniXmu
         3FrcqLRaDkefRU6CICRAji/UKPlQ9CKS+g9Hvvm+0EVri/dl79Vhevmjkc554+K2JUgt
         dJGtCs9tytNqP3HISlgQfXdCQDWRgoMf2WyZWHL5arQ5wrXQn8vKTGRFEuex3oVCEfTc
         NfUA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z19si846763ejl.54.2021.03.30.23.35.28;
        Tue, 30 Mar 2021 23:35:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233781AbhCaGee (ORCPT <rfc822;mahathug.lkml@gmail.com>
        + 99 others); Wed, 31 Mar 2021 02:34:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55546 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233686AbhCaGd7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 31 Mar 2021 02:33:59 -0400
Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A11ADC061574;
        Tue, 30 Mar 2021 23:33:59 -0700 (PDT)
Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94 #2 (Red Hat Linux))
        id 1lRUPW-001Hcg-DQ; Wed, 31 Mar 2021 06:33:02 +0000
Date:   Wed, 31 Mar 2021 06:33:02 +0000
From:   Al Viro <viro@zeniv.linux.org.uk>
To:     Kees Cook <keescook@chromium.org>
Cc:     Casey Schaufler <casey@schaufler-ca.com>,
        =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>,
        James Morris <jmorris@namei.org>,
        Serge Hallyn <serge@hallyn.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Christoph Hellwig <hch@lst.de>,
        David Howells <dhowells@redhat.com>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        "Eric W . Biederman" <ebiederm@xmission.com>,
        Jann Horn <jannh@google.com>,
        John Johansen <john.johansen@canonical.com>,
        Kentaro Takeda <takedakn@nttdata.co.jp>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        kernel-hardening@lists.openwall.com, linux-fsdevel@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@linux.microsoft.com>
Subject: Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)
Message-ID: <YGQXnqNsG0iUljvk@zeniv-ca.linux.org.uk>
References: <20210316203633.424794-1-mic@digikod.net>
 <20210316203633.424794-2-mic@digikod.net>
 <fef10d28-df59-640e-ecf7-576f8348324e@digikod.net>
 <85ebb3a1-bd5e-9f12-6d02-c08d2c0acff5@schaufler-ca.com>
 <b47f73fe-1e79-ff52-b93e-d86b2927bbdc@digikod.net>
 <77ec5d18-f88e-5c7c-7450-744f69654f69@schaufler-ca.com>
 <a8b2545f-51c7-01dc-1a14-e87beefc5419@digikod.net>
 <2fcff3d7-e7ca-af3b-9306-d8ef2d3fb4fb@schaufler-ca.com>
 <202103302249.6FE62C03@keescook>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <202103302249.6FE62C03@keescook>
Sender: Al Viro <viro@ftp.linux.org.uk>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 30, 2021 at 11:03:10PM -0700, Kees Cook wrote:

> Regardless, I still endorse this change because it doesn't make things
> _worse_, since without this, a compromised process wouldn't need ANY
> tricks to escape a chroot because it wouldn't be in one. :) It'd be nice
> if there were some way to make future openat() calls be unable to
> resolve outside the chroot, but I view that as an enhancement.
> 
> But, as it stands, I think this makes sense and I stand by my
> Reviewed-by tag. If Al is too busy to take it, and James would rather
> not take VFS, perhaps akpm would carry it? That's where other similar
> VFS security work has landed.

Frankly, I'm less than fond of that thing, but right now I'm buried
under all kinds of crap (->d_revalidate() joy, mostly).  I'll post
a review, but for now it's very definitely does *not* get an implicit
ACK from me.