Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp1646254pxp; Sat, 12 Mar 2022 17:08:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJzi9yBDR2ISTzkBjFCLSZW/chYjmhdTx7Rsr+vS/WrWdaRPkmVuxRI3O/ENxvf7MZ7yprd8 X-Received: by 2002:a17:907:2487:b0:6d6:e95f:8cbc with SMTP id zg7-20020a170907248700b006d6e95f8cbcmr14173332ejb.732.1647133687923; Sat, 12 Mar 2022 17:08:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1647133687; cv=none; d=google.com; s=arc-20160816; b=J2dOA8LZm+4xZmzMbIhXgGKxvgUzQt5dUd0QxUc2g6pYKTwC0UkT8wl3GCY3X+l0DR xw0LHAAijR/u5IBgYjIeG/MnydLvZ5tqKvcbHfxl5urvhL5cTIxBYdG/JgcAmfViU9R1 dvkHmOIOqpZlGFcnWedb3kWFobGs6zliRq7lvFrC2LypzAhYyv/sUTQtrK2eqSzgUV8K LURbSknI/fHLiRecKEgz+2PQ6f3j7IvVwz5ivgy/8lTrfmtGMGHUWO4rxWCEFROL8BbI EgaJnbfe40a2J+SPJgbrBBN+BuiicZl0fyGWxAUCu+I/BY6+1DibOV2aPdquwi4fcjm1 LPAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Pxin1j5j6CcmsdIEAHJPFzyAPatANahFw6X6/cFoxnM=; b=OOLqOqLIZCROCAXAeI98SWa7nppU3VOb8kIA3X1Gz9zWew72PcK0+XUGEsA8wRlpcf dtybrMCrAWXj8+t02TrcNzn23zELpm2zcvp6dl2DwuXL/K6jG8hU67FoO+BUjUYyNvsq zBRLVYzDXKk4bEcOPkTx4SLTRa0k05usQFTwCUBV0RZ+ReZY1m9w5aIklt0vn+FCJRm2 QdnHdz07sIqoAdM2Izn1QGR3d2jPYqW7/Plq11soG1d9dPweTPIzZucK+RFpwgkUUzot wVq3GPEi/sbIpcjfTCvk/pbzMb60XTAwjX7D9mMMBXIia39WdTwW2Vlnszl8VdwHpr8z yazA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=SU4xr4X6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i1-20020a0564020f0100b004184b949296si3233063eda.293.2022.03.12.17.07.33; Sat, 12 Mar 2022 17:08:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=SU4xr4X6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231822AbiCLPSq (ORCPT + 99 others); Sat, 12 Mar 2022 10:18:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56668 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231470AbiCLPSp (ORCPT ); Sat, 12 Mar 2022 10:18:45 -0500 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3CAC020C185 for ; Sat, 12 Mar 2022 07:17:38 -0800 (PST) Received: by mail-ed1-x52e.google.com with SMTP id y8so9237304edl.9 for ; Sat, 12 Mar 2022 07:17:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Pxin1j5j6CcmsdIEAHJPFzyAPatANahFw6X6/cFoxnM=; b=SU4xr4X6+2waARawoylMlsiCPWBIBETU0MciuaZEiWdrDk2hx5UmhtjVBnOvAg/j8Y P5AEc3LcMVyzxEP5nHlv2Olz53uvkKS0fxrgUxGcRFmX98+Qq6Q6eMA/vwzJmqCvzO/O j+/mBzE+2Hp2rK2NI//4QDTmfX1LS9FohQxULpnfR8tTvY+r5fNWcupz8YhvqN+Qfuv8 G8GJScHk8gdOrtgUA2dETidap7xy6kcyCZ5Ayh4fMOWadoH7T5SieRyl6yB9ATdxntP9 /mrpSZqnk7afxXSrRZfLG9VUNA1B3WEMpKhYck68O+2UM4Q/g0ZrqJAGonS296H4uEre YMyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Pxin1j5j6CcmsdIEAHJPFzyAPatANahFw6X6/cFoxnM=; b=PfeTQOjJzhfX2jiJQLuUTrKCBqm/Qfh74RKUdcsfDKy5+kuD/yrZEFVAaJFhIJj/3k QUT5xr9fepj8+6N8Ke5PE5eVZ8RgDD9cC4cbpbbzcHtlQ+iqECZBfbuSycoIkMLvvLnG tHpl/I2YOseFMFYeqgBFR4eiacfSEUryEehjr9hc41ONRwYx90SKMAwuYyq7Vd9Ye13l Idaw8X+TL5LoMWVqmBETAUIaYulPqwinPQFKKGN5TS5VpFaxmrkRlsdKmfctfZyOTLff qYAsMpFv9cH0kR6Ho4BdTJ19iAg4o21vYI450bmm5F5wQUjrtbNze3vIxXyRsDT37MNA sz1Q== X-Gm-Message-State: AOAM5303s0xj74C7u0PcMfUh0oHQITgLeuQjjIJXzpYkM9S/qrCMYl+2 s4ej2wja7vZKDUa3IdyZy+J0u1yvf6Xrm964/FCe X-Received: by 2002:a05:6402:2552:b0:416:a745:9626 with SMTP id l18-20020a056402255200b00416a7459626mr13558015edb.405.1647098256718; Sat, 12 Mar 2022 07:17:36 -0800 (PST) MIME-Version: 1.0 References: <20220228215935.748017-1-mic@digikod.net> <20220301092232.wh7m3fxbe7hyxmcu@wittgenstein> <8d520529-4d3e-4874-f359-0ead9207cead@canonical.com> In-Reply-To: From: Paul Moore Date: Sat, 12 Mar 2022 10:17:25 -0500 Message-ID: Subject: Re: [PATCH v1] fs: Fix inconsistent f_mode To: Tetsuo Handa Cc: John Johansen , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Al Viro , Christian Brauner , "Darrick J . Wong" , Eric Paris , James Morris , Kentaro Takeda , Miklos Szeredi , "Serge E . Hallyn" , Stephen Smalley , Steve French , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , selinux@vger.kernel.org, Casey Schaufler Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 11, 2022 at 8:35 PM Tetsuo Handa wrote: > On 2022/03/12 7:15, Paul Moore wrote: > > The silence on this has been deafening :/ No thoughts on fixing, or > > not fixing OPEN_FMODE(), Al? > > On 2022/03/01 19:15, Micka=C3=ABl Sala=C3=BCn wrote: > > > > On 01/03/2022 10:22, Christian Brauner wrote: > >> That specific part seems a bit risky at first glance. Given that the > >> patch referenced is from 2009 this means we've been allowing O_WRONLY = | > >> O_RDWR to succeed for almost 13 years now. > > > > Yeah, it's an old bug, but we should keep in mind that a file descripto= r > > created with such flags cannot be used to read nor write. However, > > unfortunately, it can be used for things like ioctl, fstat, chdir=E2=80= =A6 I > > don't know if there is any user of this trick. > > I got a reply from Al at https://lkml.kernel.org/r/20090212032821.GD28946= @ZenIV.linux.org.uk > that sys_open(path, 3) is for ioctls only. And I'm using this trick when = opening something > for ioctls only. Thanks Tetsuo, that's helpful. After reading your email I went digging around to see if this was documented anywhere, and buried in the open(2) manpage, towards the bottom under the "File access mode" header, is this paragraph: "Linux reserves the special, nonstandard access mode 3 (binary 11) in flags to mean: check for read and write permission on the file and return a file descriptor that can't be used for reading or writing. This nonstandard access mode is used by some Linux drivers to return a file descriptor that is to be used only for device-specific ioctl(2) operations." I learned something new today :) With this in mind it looks like doing a SELinux file:ioctl check is the correct thing to do. Thanks again Tetsuo for clearing things up. --=20 paul-moore.com