From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx3-rdu2.redhat.com ([66.187.233.73]:35024 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726992AbeGRWIc (ORCPT ); Wed, 18 Jul 2018 18:08:32 -0400 From: David Howells In-Reply-To: References: <20180711161540.GS30522@ZenIV.linux.org.uk> <20180712124326.GA19272@ZenIV.linux.org.uk> <20180712155337.GU30522@ZenIV.linux.org.uk> <20180718025636.GA26175@ZenIV.linux.org.uk> <20180718132955.2bf185b7@canb.auug.org.au> <20180718124340.GS30522@ZenIV.linux.org.uk> <20180718181252.GU30522@ZenIV.linux.org.uk> To: Linus Torvalds Cc: dhowells@redhat.com, Al Viro , Miklos Szeredi , Stephen Rothwell , linux-fsdevel , Linux Kernel Mailing List Subject: Re: [RFC] call_with_creds() MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <15658.1531949324.1@warthog.procyon.org.uk> Date: Wed, 18 Jul 2018 22:28:44 +0100 Message-ID: <15659.1531949324@warthog.procyon.org.uk> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Linus Torvalds wrote: > I explained earlier why it's wrong and fragile, and why it can just > cause the *reverse* security problem if you do it wrong. So now you > take a subtle bug, and make it even more subtle, and encourage people > to do this known-broken model of using creds at IO time. Are network filesystems allowed to use f_cred at I/O time to determine the authentication/encryption parameters to commune with the server? David