Message-ID: <15730.4100.308481.326297@charged.uio.no>
Date: Sun, 1 Sep 2002 15:03:00 +0200
From: Trond Myklebust
Reply-To: trond.myklebust@fys.uio.no
To: Luca Barbieri
Cc: Linus Torvalds, Linux FSdevel, Linux Kernel
Subject: Re: [PATCH] Initial support for struct vfs_cred [0/1]
In-Reply-To: <1030835635.1422.39.camel@ldb>
References: <1030822731.1458.127.camel@ldb> <15729.17279.474307.914587@charged.uio.no> <1030835635.1422.39.camel@ldb>

>>>>> " " == Luca Barbieri writes:

     > For example, rather than this;
     > you can just do this:
     > - uid_t saved_fsuid = current->fsuid;
     > + uid_t saved_fsuid = current->fscred.uid;
     > kernel_cap_t saved_cap =
     > current->cap_effective;

But I don't want to have to do that at all. Why should I change the
actual task's privileges in order to call down into a single VFS
function?

The point of VFS support for credentials is to eliminate these hacks,
and cut down on all this gratuitous changing of privilege. That's what
we want the API changes for.

Who cares if changing fsuid/fsgid is more expensive? The only place we
should actually be doing that is in sys_fsuid(), sys_fsgid(), and
possibly daemonize(), where adequate security checks can be made.

Cheers,
  Trond
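
Review bot: In the quoted hunk, the `+` line still copies `current->fscred.uid` into a local named `saved_fsuid`, next to the unchanged `saved_cap = current->cap_effective`, so only the field path changes and the call site keeps saving the task's own uid and capability set as two separate locals. The `saved_` names indicate that these values are overwritten and put back around a call, which means every exit path between the save and the restore has to be audited for both variables. If the new credential structure is meant to carry the identity used for a filesystem operation, this call site should be converted to hand a credential to the function it calls and leave `current` unmodified, instead of being renamed in place.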