Re: [PATCH v2 0/2] implement OA2_INHERIT_CRED flag for openat2()

From: stsp
Date: Tue Apr 23 2024 - 18:53:07 EST

Next message: Matthew Wilcox: "Re: [PATCH v2 3/8] f2fs: drop usage of page_index"
Previous message: kernel test robot: "Re: [PATCH v2 2/4] PCI: dwc: Remove unused of_gpio.h"
In reply to: stsp: "Re: [PATCH v2 0/2] implement OA2_INHERIT_CRED flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

23.04.2024 19:44, Andy Lutomirski пишет:

Also, there are lots of ways that f_cred could be relevant: fsuid/fsgid, effective capabilities and security labels. And it gets more complex if this ever gets extended to support connecting or sending to a socket or if someone opens a device node. Does CAP_SYS_ADMIN carry over?

I posted a v3 where I only override
fsuid, fsgid and group_info.
Capabilities and whatever else are
not overridden to avoid security risks.
Does this address your concern?

Note that I think your other concerns
are already addressed, I just added a
bit more of a description now.

Next message: Matthew Wilcox: "Re: [PATCH v2 3/8] f2fs: drop usage of page_index"
Previous message: kernel test robot: "Re: [PATCH v2 2/4] PCI: dwc: Remove unused of_gpio.h"
In reply to: stsp: "Re: [PATCH v2 0/2] implement OA2_INHERIT_CRED flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]