Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp1024724lqd; Thu, 25 Apr 2024 04:03:06 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUIVE7FN4zaTEWeZIgRtdFJhBymxFUvwKTQ61R9B2C/HKBxm1h7Q9RlEz7kEQP/wJhX4i2gcKyqg6TtVgNfsMTi4CyzfxC1rs8rQJVuRg== X-Google-Smtp-Source: AGHT+IHpeRoJKWzb047MHQ4HdMhhs+FOkLlTZdt709TLjGvsUAzWBJG54kFV1Sj1KbQiQebAihi1 X-Received: by 2002:a17:906:6a9b:b0:a58:84e9:c669 with SMTP id p27-20020a1709066a9b00b00a5884e9c669mr3496128ejr.52.1714042986288; Thu, 25 Apr 2024 04:03:06 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714042986; cv=pass; d=google.com; s=arc-20160816; b=tOd1YeEHWkFw+9/2ARyJAAJzJkBKYcmsGxlfkBK2tJ5Wr9qAeop2kVGY6pRZfq9qyc 0DMOyGCQecYyGkJLc0my4rhiJEuK/eBwKcpo5u0B8z3U+k2l6ihGzOko8BI3gH/mRe2x EIA/+nGg5ARUwaGY+zNJlqlsrb635AE7T2YQOqUryuNQNaMXfPqjekb9wJoHBPHK47e7 C1DMNGOvkyb9H3bkdmAxxMpGZ4kWNTT21indiopvXkXyFg46CJHK8v0B1AP95tkAOBx9 KrC2pXfP4JH/tvXaF/t+4afggB7Nl6BXSpyVcFcQG9nLYFy19YXxMUgDm7Urj2s3Aw+H O61A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=2qKI2Z1ZihKH3PK5JUq5HKpKbyzL6k/kwMrkHl1Ysfk=; fh=NAZhbNbNg72a9MNoyKYWiPjGISZfsDKftfPc7emPWhk=; b=TlOJaPNxSW/5bVd3we3u4kEuA95l0zVapFLWcSkgvAPh2vKzQeN/i9t/0Cob/3JnzI 4nPRtg5G572/spMvd0iD1wRbh0632FRWnk/jIXVSgrbr4dTpTFF3ERVNmpfyBZoKb3zd ITFF3vNjTu3A1+xhZjMmrt/bHN2tZjLiZrO00bfxFAMUm+zImSziMV4Pnpbmbrj8rpDS Nj8i5cTX7GlJEf05CM2dTu0WKhNFbmoVuxLh90iHieTg9qHw5Of4loj1Vt2Io3aNo/6D PFzjlEx1ykZLs4ZVQZgYareeykK5uy483pmT4h9HJjX5E8KlTqON0hWj/l7zE72lcA6n nA7Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b=Ys1qysBY; arc=pass (i=1 spf=pass spfdomain=yandex.ru dkim=pass dkdomain=yandex.ru dmarc=pass fromdomain=yandex.ru); spf=pass (google.com: domain of linux-kernel+bounces-158422-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-158422-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id o9-20020a17090608c900b00a52262d7b4esi10220340eje.35.2024.04.25.04.03.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Apr 2024 04:03:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-158422-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b=Ys1qysBY; arc=pass (i=1 spf=pass spfdomain=yandex.ru dkim=pass dkdomain=yandex.ru dmarc=pass fromdomain=yandex.ru); spf=pass (google.com: domain of linux-kernel+bounces-158422-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-158422-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 08D331F2264C for ; Thu, 25 Apr 2024 11:03:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 56D1625774; Thu, 25 Apr 2024 11:02:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="Ys1qysBY" Received: from forward502c.mail.yandex.net (forward502c.mail.yandex.net [178.154.239.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E26B41CFA9; Thu, 25 Apr 2024 11:02:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=178.154.239.210 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714042974; cv=none; b=oghj9Cqw+nxOdOEuXbfejyp9/2AXbvnIgD28/W9grGTz7Cn2JEPU/voSmUH0/7gVPBedegPGdgyNvY7lEzMc4X8hdsb92wkV/13Rp4c31MBzjLyUL/1gYha5fZwOG/6qPYtHtuHxDbZPDWQJAa46pxVK97n8opiR/lsw/rrnczw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714042974; c=relaxed/simple; bh=2qKI2Z1ZihKH3PK5JUq5HKpKbyzL6k/kwMrkHl1Ysfk=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=qNnu24760Grvgk4kH54Hnjc6/Jj7XwYozzm03xbPLE2/6K6AOGEsP9ZfRmETFxWOWY+tpeMBatrSc2UmEOKjAJgSAk9oJ813y5wTze1IZSbRNgXWXr8IlZvHYpWXiNhNF7JOlrTpZjKlvnadnUaVtdb/JuhkN5BCtn8HanREaic= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru; spf=pass smtp.mailfrom=yandex.ru; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b=Ys1qysBY; arc=none smtp.client-ip=178.154.239.210 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=yandex.ru Received: from mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:6e90:0:640:af43:0]) by forward502c.mail.yandex.net (Yandex) with ESMTPS id D2E2F60E0A; Thu, 25 Apr 2024 14:02:42 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id e2Ko8LKdv8c0-v4eo7DhA; Thu, 25 Apr 2024 14:02:41 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1714042961; bh=2qKI2Z1ZihKH3PK5JUq5HKpKbyzL6k/kwMrkHl1Ysfk=; h=From:In-Reply-To:Cc:Date:References:To:Subject:Message-ID; b=Ys1qysBYUJJ1W0O+zWJaRNKGCx4zGCUmj6SO3MNr5tEDBXqc54vJCvaZgr3CI7P0f 4FFjmlXKC7Hy8HWYHKDOUJo6iAFqeCUzCOWx3dHCGSZTRvMIE1mOUOdySPBPE8g0Uk sfu0nUY70YTmqPH0ORwV8lgZK0IAwELbGt2JLzlU= Authentication-Results: mail-nwsmtp-smtp-production-main-33.iva.yp-c.yandex.net; dkim=pass header.i=@yandex.ru Message-ID: <08d4dde6-d333-4992-abc6-35291a44c65f@yandex.ru> Date: Thu, 25 Apr 2024 14:02:40 +0300 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 0/2] implement OA2_INHERIT_CRED flag for openat2() Content-Language: en-US To: Andy Lutomirski Cc: linux-kernel@vger.kernel.org, Stefan Metzmacher , Eric Biederman , Alexander Viro , Andy Lutomirski , Christian Brauner , Jan Kara , Jeff Layton , Chuck Lever , Alexander Aring , linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, Paolo Bonzini , =?UTF-8?Q?Christian_G=C3=B6ttsche?= , Aleksa Sarai References: <20240423110148.13114-1-stsp2@yandex.ru> <4D2A1543-273F-417F-921B-E9F994FBF2E8@amacapital.net> <0e2e48be-86a8-418c-95b1-e8ca17469198@yandex.ru> From: stsp In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit 25.04.2024 03:43, Andy Lutomirski пишет: > But you missed the FMODE_CRED part! OK, I thought its not needed if fd is limited to the one created by the same process. But your explanation is quite clear on that its needed anyway, or otherwise the unsuspecting process doesn't fully drop his privs. Thank you for explaining that bit. Which leaves just one question: is such an opt-in enough or not? Viro points it may not be enough, but doesn't explain why exactly. Maybe we need such an opt-in, and it should be dropped on exec() and on passing via unix fd? I don't know what additional restrictions are needed, as Viro didn't clarify that part, but the opt-in is needed for sure.