From: David Laight <David.Laight@ACULAB.COM>
To: 'Aleksa Sarai' <cyphar@cyphar.com>, Alexey Gladkov <legion@kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
"James.Bottomley@hansenpartnership.com"
<James.Bottomley@hansenpartnership.com>,
"acme@kernel.org" <acme@kernel.org>,
"alexander.shishkin@linux.intel.com"
<alexander.shishkin@linux.intel.com>,
"axboe@kernel.dk" <axboe@kernel.dk>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
"borntraeger@de.ibm.com" <borntraeger@de.ibm.com>,
"bp@alien8.de" <bp@alien8.de>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"christian@brauner.io" <christian@brauner.io>,
"dalias@libc.org" <dalias@libc.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"deepa.kernel@gmail.com" <deepa.kernel@gmail.com>,
"deller@gmx.de" <deller@gmx.de>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"fenghua.yu@intel.com" <fenghua.yu@intel.com>,
"fweimer@redhat.com" <fweimer@redhat.com>,
"geert@linux-m68k.org" <geert@linux-m68k.org>,
"glebfm@altlinux.org" <glebfm@altlinux.org>,
"gor@linux.ibm.com" <gor@linux.ibm.com>,
"hare@suse.com" <hare@suse.com>, "hpa@zytor.com" <hpa@zytor.com>,
"ink@jurassic.park.msu.ru" <ink@jurassic.park.msu.ru>,
"jhogan@kernel.org" <jhogan@kernel.org>,
"kim.phillips@arm.com" <kim.phillips@arm.com>,
"ldv@altlinux.org" <ldv@altlinux.org>,
"linux-alpha@vger.kernel.org" <linux-alpha@vger.kernel.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
"linux-m68k@lists.linux-m68k.org"
<linux-m68k@lists.linux-m68k.org>,
"linux-mips@vger.kernel.org" <linux-mips@vger.kernel.org>,
"linux-parisc@vger.kernel.org" <linux-parisc@vger.kernel.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"linux-sh@vger.kernel.org" <linux-sh@vger.kernel.org>,
"linux@armlinux.org.uk" <linux@armlinux.org.uk>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"luto@kernel.org" <luto@kernel.org>,
"mattst88@gmail.com" <mattst88@gmail.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"monstr@monstr.eu" <monstr@monstr.eu>,
"mpe@ellerman.id.au" <mpe@ellerman.id.au>,
"namhyung@kernel.org" <namhyung@kernel.org>,
"paulus@samba.org" <paulus@samba.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"ralf@linux-mips.org" <ralf@linux-mips.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"stefan@agner.ch" <stefan@agner.ch>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"tony.luck@intel.com" <tony.luck@intel.com>,
"tycho@tycho.ws" <tycho@tycho.ws>,
"will@kernel.org" <will@kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"ysato@users.sourceforge.jp" <ysato@users.sourceforge.jp>,
Palmer Dabbelt <palmer@sifive.com>
Subject: RE: [PATCH v4 2/5] fs: Add fchmodat2()
Date: Fri, 28 Jul 2023 08:43:58 +0000 [thread overview]
Message-ID: <dc48b40748e24d3799e7ee66fa7e8cb4@AcuMS.aculab.com> (raw)
In-Reply-To: <20230727.173441-loving.habit.lame.acrobat-V6VTPe8G4FRI@cyphar.com>
...
> FWIW, I agree with Christian that these behaviours are not ideal (and
> I'm working on a series that might allow for these things to be properly
> blocked in the future) but there's also the consistency argument -- I
> don't think fchownat() is much safer to allow in this way than
> fchmodat() and (again) this behaviour is already possible through
> procfs.
If the 'through procfs' involves readlink("/proc/self/fd/n") and
accessing through the returned path then the permission checks
are different.
Using the returned path requires search permissions on all the
directories.
This is all fine for xxxat() functions where a real open
directory fd is supplied.
But other cases definitely need a lot of thought to ensure
they don't let programs acquire permissions they aren't
supposed to have.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2023-07-28 8:44 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-17 1:27 Add a new fchmodat4() syscall, v2 Palmer Dabbelt
2019-07-17 1:27 ` [PATCH v2 1/4] Non-functional cleanup of a "__user * filename" Palmer Dabbelt
2019-07-17 1:27 ` [PATCH v2 2/4] Add fchmodat4(), a new syscall Palmer Dabbelt
2019-07-17 1:48 ` Al Viro
2019-07-17 2:12 ` Palmer Dabbelt
2019-07-17 2:40 ` Rich Felker
2019-07-17 3:02 ` Al Viro
2019-07-17 1:27 ` [PATCH v2 3/4] arch: Register fchmodat4, usually as syscall 434 Palmer Dabbelt
2019-07-17 1:27 ` [PATCH v2 4/4] tools: Add fchmodat4 Palmer Dabbelt
2019-07-17 12:39 ` Arnaldo Carvalho de Melo
2020-06-09 13:52 ` Add a new fchmodat4() syscall, v2 Florian Weimer
2023-07-11 11:25 ` [PATCH v3 0/5] Add a new fchmodat4() syscall Alexey Gladkov
2023-07-11 11:25 ` [PATCH v3 1/5] Non-functional cleanup of a "__user * filename" Alexey Gladkov
2023-07-11 11:32 ` Arnd Bergmann
2023-07-11 11:25 ` [PATCH v3 2/5] fs: Add fchmodat4() Alexey Gladkov
2023-07-11 11:42 ` Arnd Bergmann
2023-07-11 11:52 ` Christian Brauner
2023-07-11 12:51 ` Alexey Gladkov
2023-07-11 14:01 ` Christian Brauner
2023-07-11 15:23 ` Alexey Gladkov
2023-07-11 12:28 ` Matthew Wilcox
2023-07-11 12:49 ` Alexey Gladkov
2023-07-11 11:25 ` [PATCH v3 3/5] arch: Register fchmodat4, usually as syscall 451 Alexey Gladkov
2023-07-11 11:31 ` Arnd Bergmann
2023-07-11 11:25 ` [PATCH v3 4/5] tools headers UAPI: Sync files changed by new fchmodat4 syscall Alexey Gladkov
2023-07-11 11:25 ` [PATCH v3 5/5] selftests: add fchmodat4(2) selftest Alexey Gladkov
2023-07-11 12:10 ` Florian Weimer
2023-07-11 13:38 ` Alexey Gladkov
2023-07-11 12:24 ` [PATCH v3 0/5] Add a new fchmodat4() syscall Florian Weimer
2023-07-11 15:14 ` Christian Brauner
2023-07-25 11:05 ` Alexey Gladkov
2023-07-25 12:05 ` Christian Brauner
2023-07-11 16:16 ` [PATCH v4 0/5] Add a new fchmodat2() syscall Alexey Gladkov
2023-07-11 16:16 ` [PATCH v4 1/5] Non-functional cleanup of a "__user * filename" Alexey Gladkov
2023-07-11 16:16 ` [PATCH v4 2/5] fs: Add fchmodat2() Alexey Gladkov
2023-07-11 17:05 ` Christian Brauner
2023-07-25 16:36 ` Aleksa Sarai
2023-07-26 13:45 ` Alexey Gladkov
2023-07-27 10:26 ` Christian Brauner
2023-07-27 17:12 ` Aleksa Sarai
2023-07-27 17:39 ` Aleksa Sarai
2023-07-28 8:43 ` David Laight [this message]
2023-07-28 18:42 ` dalias
2023-07-27 9:01 ` David Laight
2023-07-27 16:28 ` Andreas Schwab
2023-07-27 17:02 ` Christian Brauner
2023-07-27 17:13 ` dalias
2023-07-27 17:36 ` Christian Brauner
2023-07-27 16:31 ` dalias
2023-07-11 16:16 ` [PATCH v4 3/5] arch: Register fchmodat2, usually as syscall 452 Alexey Gladkov
2023-07-11 16:26 ` Arnd Bergmann
2023-07-25 7:16 ` Geert Uytterhoeven
2023-07-25 16:43 ` Aleksa Sarai
2023-07-27 10:37 ` Christian Brauner
2023-07-27 17:42 ` Aleksa Sarai
2023-07-11 16:16 ` [PATCH v4 4/5] tools headers UAPI: Sync files changed by new fchmodat2 syscall Alexey Gladkov
2023-07-11 17:19 ` Namhyung Kim
2023-07-11 17:23 ` Alexey Gladkov
2023-07-11 16:16 ` [PATCH v4 5/5] selftests: Add fchmodat2 selftest Alexey Gladkov
2023-07-11 17:36 ` (subset) [PATCH v4 0/5] Add a new fchmodat2() syscall Christian Brauner
2023-07-12 2:42 ` Rich Felker
2023-07-25 15:58 ` Add fchmodat2() - or add a more general syscall? David Howells
2023-07-25 16:10 ` Florian Weimer
2023-07-25 16:50 ` Aleksa Sarai
2023-07-25 18:39 ` David Howells
2023-07-25 18:44 ` Rich Felker
2023-07-26 13:30 ` Christian Brauner
2023-07-27 3:57 ` Eric Biggers
2023-07-27 10:27 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dc48b40748e24d3799e7ee66fa7e8cb4@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=arnd@arndb.de \
--cc=axboe@kernel.dk \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=christian@brauner.io \
--cc=cyphar@cyphar.com \
--cc=dalias@libc.org \
--cc=davem@davemloft.net \
--cc=deepa.kernel@gmail.com \
--cc=deller@gmx.de \
--cc=dhowells@redhat.com \
--cc=fenghua.yu@intel.com \
--cc=fweimer@redhat.com \
--cc=geert@linux-m68k.org \
--cc=glebfm@altlinux.org \
--cc=gor@linux.ibm.com \
--cc=hare@suse.com \
--cc=hpa@zytor.com \
--cc=ink@jurassic.park.msu.ru \
--cc=jhogan@kernel.org \
--cc=kim.phillips@arm.com \
--cc=ldv@altlinux.org \
--cc=legion@kernel.org \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=mattst88@gmail.com \
--cc=mingo@redhat.com \
--cc=monstr@monstr.eu \
--cc=mpe@ellerman.id.au \
--cc=namhyung@kernel.org \
--cc=palmer@sifive.com \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=ralf@linux-mips.org \
--cc=sparclinux@vger.kernel.org \
--cc=stefan@agner.ch \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=tycho@tycho.ws \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).