From: Tejun Heo <tj@kernel.org>
To: Linus Torvalds <torvalds@linuxfoundation.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"Michal Koutný" <mkoutny@suse.com>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Jens Axboe" <axboe@kernel.dk>,
"Kees Cook" <keescook@chromium.org>,
"Oleg Nesterov" <oleg@redhat.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Jim Newsome" <jnewsome@torproject.org>,
"Alexey Gladkov" <legion@kernel.org>,
"Security Officers" <security@kernel.org>,
"Andy Lutomirski" <luto@amacapital.net>,
"Jann Horn" <jannh@google.com>
Subject: Re: [PATCH] exit: Retain nsproxy for exit_task_work() work entries
Date: Wed, 8 Dec 2021 09:49:17 -1000 [thread overview]
Message-ID: <YbEMPal0sKkk0+Tl@slm.duckdns.org> (raw)
In-Reply-To: <CAHk-=wjcWEYSEVKvowUA0yEeDM279Zg-ptM_SsCMxmRSPJHjAw@mail.gmail.com>
Hello,
On Wed, Dec 08, 2021 at 11:39:43AM -0800, Linus Torvalds wrote:
> (b) alternatively, go ahead and do the permission check at IO time,
> but do it using "file->f_cred" (ie the open-time permission), not the
> current process ones.
>
> In the above, (a) and (b) are basically the same: it uses f_cred for
> permission checking. The only difference is that in (a) you may be
> using some function that _technically_ uses the implicit "current
> credentials" (there are many of them), and you just separately make
> sure that those current credentials are identical to what they were at
> open time.
>
> Obviously (b) is hugely preferred, but sometimes the code organization
> (ie "file or f_cred just isn't passed down deep enough") means that
> (a) might be the only realistic option.
>
> IOW, it's not *wrong* to do permission checking at IO time, but it
> absolutely needs to be done using the open-time credentials.
Yeah, (b) sounds good to me. Will look into it.
Thanks.
--
tejun
next prev parent reply other threads:[~2021-12-08 19:49 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-08 18:05 [PATCH] exit: Retain nsproxy for exit_task_work() work entries Michal Koutný
2021-12-08 18:45 ` Eric W. Biederman
2021-12-08 19:06 ` Tejun Heo
2021-12-08 19:39 ` Linus Torvalds
2021-12-08 19:49 ` Tejun Heo [this message]
2021-12-08 23:07 ` Tejun Heo
2021-12-09 13:44 ` Michal Koutný
2021-12-09 14:08 ` Christian Brauner
2021-12-09 14:47 ` Michal Koutný
2021-12-09 15:06 ` Christian Brauner
2021-12-09 16:39 ` Michal Koutný
2021-12-10 23:12 ` Michal Koutný
2021-12-13 15:24 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YbEMPal0sKkk0+Tl@slm.duckdns.org \
--to=tj@kernel.org \
--cc=axboe@kernel.dk \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=jnewsome@torproject.org \
--cc=keescook@chromium.org \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mkoutny@suse.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=security@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).