Re: [RFC] call_with_creds()
From: Linus Torvalds
Date: Wed Jul 18 2018 - 19:17:13 EST

On Wed, Jul 18, 2018 at 2:27 PM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> As I may have said, I have tried modifying the kernel to pass the cred pointer
> down.

It should always be there in the 'struct file *'.

Now, we may have some broken stuff that passes only inodes down, but
they probably really should be fixed.

> The drivers and ioctl() implementations are/were particularly nasty in
> this respect. So many of them were doing checks against the current thread,
> not f_cred.

So ioctl() may be ok, simply because at least you shouldn't be able to
fool suid programs to do ioctl's on untrusted file descriptors.

So using current_cred() is still technically very wrong, but it's
probably not a huge problem in practice.

Now, if there's some cachefs kind of "do ioctl at the behest of
somebody else", then *that* would be a problem. I'm hoping there
isn't.

Linus
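
A userspace C model of the distinction discussed in this message, added here as an illustration (it is not code from the thread or from the kernel). The struct layouts, the single `cap_sys_admin` flag and all function names are assumptions made for the example; it compares a check against the caller's creds with a check against the creds captured when the descriptor was opened.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: simplified stand-ins, not the kernel's structs. */
struct cred { unsigned int uid; bool cap_sys_admin; };
struct file { const struct cred *f_cred; };  /* creds captured at open() */
struct task { const struct cred *cred; };    /* creds of the calling thread */

/* Constructed sample identities. */
static const struct cred USER = { 1000, false };
static const struct cred ROOT = { 0, true };

/* Check style the thread calls wrong: trusts whoever is calling right now. */
static bool allowed_by_current(const struct task *current, const struct file *f)
{
    (void)f;
    return current->cred->cap_sys_admin;
}

/* Check against the opener, i.e. the creds stored in the file at open(). */
static bool allowed_by_f_cred(const struct task *current, const struct file *f)
{
    (void)current;
    return f->f_cred->cap_sys_admin;
}

struct outcome { bool by_current; bool by_f_cred; };

/* One process opens the descriptor, another issues the privileged ioctl. */
static struct outcome check(const struct cred *opener, const struct cred *caller)
{
    struct file f = { opener };
    struct task t = { caller };
    struct outcome o = { allowed_by_current(&t, &f), allowed_by_f_cred(&t, &f) };
    return o;
}

int main(void)
{
    /* Unprivileged opener, privileged caller: the "at the behest of
     * somebody else" case. Only the f_cred check refuses. */
    struct outcome o = check(&USER, &ROOT);
    printf("user fd, root caller: current=%d f_cred=%d\n", o.by_current, o.by_f_cred);
    /* Same identity on both sides: the two checks agree. */
    o = check(&USER, &USER);
    printf("user fd, user caller: current=%d f_cred=%d\n", o.by_current, o.by_f_cred);
    return 0;
}
```

The two checks only disagree when the opener and the caller hold different credentials, which is why the message treats a service acting on someone else's descriptor as the case that matters.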