linux-kernel.vger.kernel.org archive mirror
From: Andrew Walker <awalker@ixsystems.com>
To: David Laight <David.Laight@aculab.com>
Cc: Ameer Hamza <ahamza@ixsystems.com>,
	Christian Brauner <brauner@kernel.org>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
	"jlayton@kernel.org" <jlayton@kernel.org>,
	"chuck.lever@oracle.com" <chuck.lever@oracle.com>,
	"arnd@arndb.de" <arnd@arndb.de>,
	"guoren@kernel.org" <guoren@kernel.org>,
	"palmer@rivosinc.com" <palmer@rivosinc.com>,
	"f.fainelli@gmail.com" <f.fainelli@gmail.com>,
	"slark_xiao@163.com" <slark_xiao@163.com>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>
Subject: Re: [PATCH] Add new open(2) flag - O_EMPTY_PATH
Date: Wed, 26 Apr 2023 08:10:15 -0500
Message-ID: <CAB5c7xquuk7-kWZBY7fVmKiGh0_YxR=UhLjMUpdTx=2rF+PuzA@mail.gmail.com>
In-Reply-To: <05845c12eab34567ae61466db36a0cef@AcuMS.aculab.com>

On Wed, Apr 19, 2023 at 4:29 PM David Laight <David.Laight@aculab.com> wrote:
> ISTM that reopening a file READ_WRITE shouldn't be unconditionally allowed.
> Checking the inode permissions of the file isn't enough to ensure
> that the process is allowed to open it.
> The 'x' (search) permissions on all the parent directories need to
> be checked (going back as far as some directory the process has open).
>
> If a full pathname is generated this check is done.
> But the proposed O_EMPTY_PATH won't be doing it.
>
> This all matters if a system is using restricted directory
> permissions to block a process from opening files in some
> part of the filesystem, but is also being passed an open
> fd (for reading) in that part of the filesystem.
> I'm sure there are systems that will be doing this.
>
>         David
>

So to be safe, hypothetically, the caller should be required to have
CAP_DAC_READ_SEARCH like with open_by_handle_at(2)?

Andrew
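
The setup David describes, as an added example that is not code from the patch or from anyone in this thread: a file whose inode mode allows read-write sits in a directory with no search permission, and the process already holds a read-only fd to it. The temp path and the names run_scenario and walk_result are hypothetical; a caller with CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH (root, typically) skips the directory check, so the path open succeeds for it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result type for this constructed scenario. */
struct walk_result {
    int path_open_errno; /* errno from open(path, O_RDWR) after the parent lost 'x' */
    int fd_read_ok;      /* 1 if the previously opened fd is still readable */
};

/* A mode-0666 file sits in a directory whose search bit is removed after
 * the process already holds a read-only fd to the file. */
static int run_scenario(struct walk_result *out)
{
    char dir[] = "/tmp/emptypath-demo-XXXXXX", path[64], buf[3];
    int fd, fd2;
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof(path), "%s/data", dir);
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || write(fd, "abc", 3) != 3 || fchmod(fd, 0666) != 0)
        return -1;
    close(fd);
    fd = open(path, O_RDONLY);          /* stands in for the fd passed in for reading */
    if (fd < 0 || chmod(dir, 0) != 0)   /* drop 'x' on the parent directory */
        return -1;
    errno = 0;
    fd2 = open(path, O_RDWR);           /* inode mode permits it; the path walk decides */
    out->path_open_errno = fd2 < 0 ? errno : 0;
    if (fd2 >= 0) close(fd2);
    out->fd_read_ok = pread(fd, buf, sizeof(buf), 0) == 3;
    chmod(dir, 0700);                   /* restore so cleanup can unlink */
    close(fd);
    unlink(path);
    return rmdir(dir);
}

int main(void)
{
    struct walk_result r;
    if (run_scenario(&r) != 0)
        return 1;
    printf("path open errno=%d, held fd readable=%d\n", r.path_open_errno, r.fd_read_ok);
    return 0;
}
```

For an unprivileged caller the path-based open fails with EACCES while the held fd keeps working, which is the guarantee a reopen-by-fd flag would have to preserve or gate behind a capability.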


Thread overview: 13+ messages
2022-12-28 16:02 [PATCH] Add new open(2) flag - O_EMPTY_PATH Ameer Hamza
2022-12-31  0:15 ` kernel test robot
2022-12-31 23:56   ` [PATCH v2] " Ameer Hamza
2023-01-01 11:16     ` kernel test robot
2023-01-01 15:37       ` [PATCH v3] " Ameer Hamza
2023-01-02 14:01     ` [PATCH v2] " David Laight
2023-01-02 14:35       ` Ameer Hamza
2023-01-06  9:21         ` David Laight
2023-01-06 13:06 ` [PATCH] " Christian Brauner
2023-04-19  1:15   ` Ameer Hamza
     [not found]     ` <7454A798-1277-411A-853C-635B33439029@gmail.com>
2023-04-19  9:18       ` Christian Brauner
2023-04-19 21:29     ` David Laight
2023-04-26 13:10       ` Andrew Walker [this message]
