Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp1665074rwb; Fri, 28 Jul 2023 12:56:37 -0700 (PDT) X-Google-Smtp-Source: APBJJlGYfpQaKYH5O+nsG0LM8VQIQMmAtWkowMZw5dZtw2FAowNdn2PqU5VL00eHstc6zdMhjQN9 X-Received: by 2002:a17:90b:4a92:b0:256:807e:6bd with SMTP id lp18-20020a17090b4a9200b00256807e06bdmr2358415pjb.28.1690574197389; Fri, 28 Jul 2023 12:56:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690574197; cv=none; d=google.com; s=arc-20160816; b=occ0dxEhhmMwh6PZsCZNUxN8etjeOMZhH4zcUMHia7YprX/22f/Tf/VYaQLMWJufPJ QF6hq13L/DiTigI7hMubDIRCg1SpP4Wp3uaka+SgK+kndz85KVfdrTMI2qNQ/iLbJpVn itvHgS9KeZsjnkY/Gd94t7OtNwvUFC8f6FCY4H9hOiCkr8IeBwpEYeOklpcjwP/2U+pf ESvtIV5DEs4nLhakaQLJHN8kpipvY3UDN1q/9piztSDKspFbtz30khZDEkgP7M3UhYSy HW1ZlvqNktyfgH4UAyqRBmDZswgvZVHWqwnxkq0pjFrA1q9jBAx81n0R8bFV4G3cBlUD nu3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=2shYB0nNFBsBzLJCq5LYKhnlw/vqJCkbuKCHxgv9AoY=; fh=Q3aaAfY3sac/e2MmBMzRLk2ss6stI17w+SoybUbPgM4=; b=JXPD7HeYM4i2pEIYRMMEQ4knjsf54E+/F3r4CEpiEiDqTVrwtyBrBk7qpSPaF1sNVd vrBVMMQJV1kTjL9XRDRFps5tLFAULfkDBLRgoKEySyO+WwTL8qDqUSTdEyESf6TI7hqy I4NfLuILHBzFPdv1biWgz4iOLq0DGzR4/0tl5SF8IVcLZUg5yrnDSJKOG+PAcZ5S/Wcq 7RM0+kmJ/KhNdrktaCOd5x5w1z0sjCe+LWlM6NDqNt5YyA19X2J2XlKrHcb03Vp+UIxd n+Q8sElwnMpH8lq4CEMIG4uMdJyIbgcofBM+zETf5bTPDzOmgjEd++AbOM06/Ytu+Wec IsTQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kk6-20020a17090b4a0600b00262de4b0d87si3731688pjb.16.2023.07.28.12.56.24; Fri, 28 Jul 2023 12:56:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234668AbjG1Smp (ORCPT + 99 others); Fri, 28 Jul 2023 14:42:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231368AbjG1Smi (ORCPT ); Fri, 28 Jul 2023 14:42:38 -0400 Received: from brightrain.aerifal.cx (brightrain.aerifal.cx [216.12.86.13]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9A7B46B4 for ; Fri, 28 Jul 2023 11:42:22 -0700 (PDT) Date: Fri, 28 Jul 2023 14:42:12 -0400 From: "dalias@libc.org" To: David Laight Cc: 'Aleksa Sarai' , Alexey Gladkov , LKML , Arnd Bergmann , "linux-api@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "viro@zeniv.linux.org.uk" , "James.Bottomley@hansenpartnership.com" , "acme@kernel.org" , "alexander.shishkin@linux.intel.com" , "axboe@kernel.dk" , "benh@kernel.crashing.org" , "borntraeger@de.ibm.com" , "bp@alien8.de" , "catalin.marinas@arm.com" , "christian@brauner.io" , "davem@davemloft.net" , "deepa.kernel@gmail.com" , "deller@gmx.de" , "dhowells@redhat.com" , "fenghua.yu@intel.com" , "fweimer@redhat.com" , "geert@linux-m68k.org" , "glebfm@altlinux.org" , "gor@linux.ibm.com" , "hare@suse.com" , "hpa@zytor.com" , "ink@jurassic.park.msu.ru" , "jhogan@kernel.org" , "kim.phillips@arm.com" , "ldv@altlinux.org" , "linux-alpha@vger.kernel.org" , "linux-arch@vger.kernel.org" , "linux-ia64@vger.kernel.org" , "linux-m68k@lists.linux-m68k.org" , "linux-mips@vger.kernel.org" , "linux-parisc@vger.kernel.org" , "linux-s390@vger.kernel.org" , "linux-sh@vger.kernel.org" , "linux@armlinux.org.uk" , "linuxppc-dev@lists.ozlabs.org" , "luto@kernel.org" , "mattst88@gmail.com" , "mingo@redhat.com" , "monstr@monstr.eu" , "mpe@ellerman.id.au" , "namhyung@kernel.org" , "paulus@samba.org" , "peterz@infradead.org" , "ralf@linux-mips.org" , "sparclinux@vger.kernel.org" , "stefan@agner.ch" , "tglx@linutronix.de" , "tony.luck@intel.com" , "tycho@tycho.ws" , "will@kernel.org" , "x86@kernel.org" , "ysato@users.sourceforge.jp" , Palmer Dabbelt Subject: Re: [PATCH v4 2/5] fs: Add fchmodat2() Message-ID: <20230728184212.GD20050@brightrain.aerifal.cx> References: <20230727.041348-imposing.uptake.velvet.nylon-712tDwzCAbCCoSGx@cyphar.com> <20230727.173441-loving.habit.lame.acrobat-V6VTPe8G4FRI@cyphar.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 28, 2023 at 08:43:58AM +0000, David Laight wrote: > .... > > FWIW, I agree with Christian that these behaviours are not ideal (and > > I'm working on a series that might allow for these things to be properly > > blocked in the future) but there's also the consistency argument -- I > > don't think fchownat() is much safer to allow in this way than > > fchmodat() and (again) this behaviour is already possible through > > procfs. > > If the 'through procfs' involves readlink("/proc/self/fd/n") and > accessing through the returned path then the permission checks > are different. > Using the returned path requires search permissions on all the > directories. That's *not* how "through procfs" works. The "magic symlinks" in /proc/*/fd are not actual symlinks that get dereferenced to the contents they readlink() to, but special-type objects that dereference directly to the underlying file associated with the open file description. Rich