From: Linus Torvalds
Date: Mon, 4 Apr 2022 11:47:29 -0700
Subject: Re: [GIT PULL] Add trusted_for(2) (was O_MAYEXEC)
To: Kees Cook
Cc: Mickaël Salaün, Al Viro, Andrew Morton, Christian Heimes, Geert Uytterhoeven, James Morris, Luis Chamberlain, Mimi Zohar, Muhammad Usama Anjum, Paul Moore, Philippe Trébuchet, Shuah Khan, Steve Dower, Thibaut Sautereau, Vincent Strubel, linux-fsdevel, linux-integrity, Linux Kernel Mailing List, LSM List
References: <20220321161557.495388-1-mic@digikod.net> <202204041130.F649632@keescook>
In-Reply-To: <202204041130.F649632@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 4, 2022 at 11:40 AM Kees Cook wrote:
>
> It looks like this didn't get pulled for -rc1 even though it was sent
> during the merge window and has been in -next for a while. It would be
> really nice to get this landed since userspace can't make any forward
> progress without the kernel support.

Honestly, I need a *lot* better reasoning for random new non-standard
system calls than this had.

And this kind of "completely random interface with no semantics except
for random 'future flags'" I will not pull even *with* good reasoning.

I already told Mickaël in private that I wouldn't pull this.

Honestly, we have a *horrible* history with non-standard system calls,
and that's been true even for well-designed stuff that actually
matters, that people asked for.

Something like this, which adds one very special system call and where
the whole thing is designed for "let's add something random later
because we don't even know what we want" is right out.

What the system call seems to actually *want* is basically a new flag
to access() (and faccessat()). One that is very close to what X_OK
already is.

But that wasn't how it was sold.

So no. No way will this ever get merged, and whoever came up with that
disgusting "trusted_for()" (for WHAT? WHO TRUSTS? WHY?) should look
themselves in the mirror.

If you add a new X_OK variant to access(), maybe that could fly.

Linus