Re: [PATCH v2 0/2] implement OA2_INHERIT_CRED flag for openat2()

From: stsp
Date: Thu Apr 25 2024 - 07:03:05 EST


25.04.2024 03:43, Andy Lutomirski wrote:
But you missed the FMODE_CRED part!

OK, I thought it's not needed if fd
is limited to the one created by the
same process. But your explanation
is quite clear that it's needed anyway,
or otherwise the unsuspecting process
doesn't fully drop its privs.
Thank you for explaining that bit.
Which leaves just one question: is
such an opt-in enough or not?
Viro points out it may not be enough,
but doesn't explain why exactly.

Maybe we need such an opt-in, and
it should be dropped on exec() and
on passing via unix fd? I don't know
what additional restrictions are needed,
as Viro didn't clarify that part, but the
opt-in is needed for sure.