[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+55aFxh62Yttq-W2Cr_YQQ5tAL1xjijjnaz1-zdZNqZPQFM0g@mail.gmail.com>
Date: Wed, 18 Jul 2018 11:19:18 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Miklos Szeredi <mszeredi@...hat.com>,
Stephen Rothwell <sfr@...b.auug.org.au>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] call_with_creds()
On Wed, Jul 18, 2018 at 11:13 AM Al Viro <viro@...iv.linux.org.uk> wrote:
>
> Linus, David - do you have any objections to the above?
I damn well do.
I explained earlier why it's wrong and fragile, and why it can just
cause the *reverse* security problem if you do it wrong. So now you
take a subtle bug, and make it even more subtle, and encourage people
to do this known-broken model of using creds at IO time.
No.
Some debugging option to just clear current->creds entirely and catch
mis-uses, sure. But saying "we have shit buggy garbage in random write
functions, so we'll just paper over it"? No.
Linus
Powered by blists - more mailing lists