From: Cyrill Gorcunov <gorcunov@openvz.org>
To: Oleg Nesterov <oleg@redhat.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Pavel Emelyanov <xemul@parallels.com>
Subject: Re: [rfc] fcntl: Add F_GETOWNER_UIDS option
Date: Mon, 26 Mar 2012 22:33:30 +0400 [thread overview]
Message-ID: <20120326183330.GM19395@moon> (raw)
In-Reply-To: <20120326164347.GA24394@redhat.com>
On Mon, Mar 26, 2012 at 06:43:47PM +0200, Oleg Nesterov wrote:
> On 03/26, Cyrill Gorcunov wrote:
> >
> > +#ifdef CONFIG_CHECKPOINT_RESTORE
> > +static int f_getowner_uids(struct file *filp, unsigned long arg)
> > +{
> > + struct user_namespace *user_ns = current_user_ns();
> > + const struct cred *cred = current_cred();
> > + uid_t * __user dst = (void * __user)arg;
> > + uid_t src[2];
> > + int err;
> > +
> > + read_lock(&filp->f_owner.lock);
> > + src[0] = filp->f_owner.uid;
> > + src[1] = filp->f_owner.euid;
> > + read_unlock(&filp->f_owner.lock);
> > +
> > + src[0] = user_ns_map_uid(user_ns, cred, src[0]);
> > + src[1] = user_ns_map_uid(user_ns, cred, src[1]);
>
> Why?
>
> In this case user_ns_map_uid() is "nop", it should always return
> the last arg, no?
Yes, but I wanted to be on safe side, and if one day user_ns_map_uid
get changed this function won't be security hole. Or I miss something
in general?
Cyrill
next prev parent reply other threads:[~2012-03-26 18:33 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-26 15:09 [rfc] fcntl: Add F_GETOWNER_UIDS option Cyrill Gorcunov
2012-03-26 16:43 ` Oleg Nesterov
2012-03-26 18:33 ` Cyrill Gorcunov [this message]
2012-03-27 15:25 ` Oleg Nesterov
2012-03-27 16:58 ` Cyrill Gorcunov
2012-03-27 22:29 ` Serge E. Hallyn
2012-03-27 22:34 ` Cyrill Gorcunov
2012-03-27 22:46 ` Serge E. Hallyn
2012-03-28 2:22 ` Eric W. Biederman
2012-03-28 6:48 ` Cyrill Gorcunov
[not found] ` <m1k425mae1.fsf@fess.ebiederm.org>
2012-03-28 7:55 ` Cyrill Gorcunov
2012-03-28 8:16 ` Cyrill Gorcunov
2012-03-28 19:43 ` Serge E. Hallyn
2012-03-28 19:46 ` Oleg Nesterov
2012-03-28 21:30 ` Serge Hallyn
2012-03-28 21:32 ` Oleg Nesterov
2012-03-28 21:37 ` Cyrill Gorcunov
2012-03-29 2:30 ` Serge E. Hallyn
2012-03-30 12:31 ` Cyrill Gorcunov
2012-03-30 14:12 ` Serge Hallyn
2012-03-30 14:40 ` Cyrill Gorcunov
2012-03-30 16:15 ` Serge E. Hallyn
2012-03-30 19:46 ` Kees Cook
2012-03-30 19:56 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120326183330.GM19395@moon \
--to=gorcunov@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.