From: Kees Cook <keescook@chromium.org>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Jann Horn <jannh@google.com>, Sargun Dhillon <sargun@sargun.me>,
Linux Containers <containers@lists.linux-foundation.org>,
Aleksa Sarai <cyphar@cyphar.com>,
Jeffrey Vander Stoep <jeffv@google.com>,
Linux API <linux-api@vger.kernel.org>,
kernel list <linux-kernel@vger.kernel.org>,
Chris Palmer <palmer@google.com>,
Robert Sesek <rsesek@google.com>, Tycho Andersen <tycho@tycho.ws>,
Matt Denton <mpdenton@google.com>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH v2 2/3] seccomp: Introduce addfd ioctl to seccomp user notifier
Date: Sat, 30 May 2020 09:09:29 -0700 [thread overview]
Message-ID: <202005300908.303040EF9@keescook> (raw)
In-Reply-To: <20200530135827.cxltfmiqara4yaki@wittgenstein>
On Sat, May 30, 2020 at 03:58:27PM +0200, Christian Brauner wrote:
> On Sat, May 30, 2020 at 05:17:24AM +0200, Jann Horn wrote:
> > On Sat, May 30, 2020 at 4:43 AM Kees Cook <keescook@chromium.org> wrote:
> > > I mean, yes, that's certainly better, but it just seems a shame that
> > > everyone has to do the get_unused/put_unused dance just because of how
> > > SCM_RIGHTS does this weird put_user() in the middle.
> > >
> > > Can anyone clarify the expected failure mode from SCM_RIGHTS? Can we
> > > move the put_user() after instead?
> >
> > Honestly, I think trying to remove file descriptors and such after
> > -EFAULT is a waste of time. If userspace runs into -EFAULT, userspace
> [...]
>
> There's really no point in trying to save a broken scm message imho.
Right -- my concern is about stuffing a fd into a process without it
knowing (this is likely an overly paranoid concern, given that if the
process is getting EFAULT at the end of a list of fds, all the prior
ones will be installed too..)
--
Kees Cook
next prev parent reply other threads:[~2020-05-30 16:09 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-28 11:08 [PATCH v2 0/3] Add seccomp notifier ioctl that enables adding fds Sargun Dhillon
2020-05-28 11:08 ` [PATCH v2 1/3] seccomp: Add find_notification helper Sargun Dhillon
2020-05-29 6:23 ` Kees Cook
2020-05-29 17:40 ` Sargun Dhillon
2020-05-29 20:14 ` Kees Cook
2020-05-29 9:57 ` Christian Brauner
2020-05-28 11:08 ` [PATCH v2 2/3] seccomp: Introduce addfd ioctl to seccomp user notifier Sargun Dhillon
2020-05-29 7:31 ` Kees Cook
2020-05-29 7:38 ` Christian Brauner
2020-05-29 7:45 ` Kees Cook
2020-05-30 1:10 ` Sargun Dhillon
2020-05-30 2:43 ` Kees Cook
2020-05-30 3:17 ` Jann Horn
2020-05-30 5:22 ` Kees Cook
2020-05-30 13:58 ` Christian Brauner
2020-05-30 16:09 ` Kees Cook [this message]
2020-05-30 3:58 ` Sargun Dhillon
2020-05-30 5:47 ` Kees Cook
2020-05-30 14:13 ` Christian Brauner
2020-05-30 16:14 ` Kees Cook
2020-05-30 16:21 ` Christian Brauner
2020-05-30 14:08 ` Al Viro
2020-05-30 16:07 ` Kees Cook
2020-06-01 19:02 ` Sargun Dhillon
2020-06-01 19:59 ` Kees Cook
2020-05-29 9:24 ` Giuseppe Scrivano
2020-05-29 10:32 ` Christian Brauner
2020-05-29 13:31 ` Christian Brauner
2020-05-29 22:35 ` Sargun Dhillon
2020-05-28 11:08 ` [PATCH v2 3/3] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD Sargun Dhillon
2020-05-29 7:41 ` Kees Cook
2020-05-29 13:29 ` Tycho Andersen
2020-05-29 18:46 ` Sargun Dhillon
2020-05-29 19:12 ` Tycho Andersen
2020-05-29 20:09 ` Kees Cook
2020-05-29 13:30 ` [PATCH v2 0/3] Add seccomp notifier ioctl that enables adding fds Tycho Andersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202005300908.303040EF9@keescook \
--to=keescook@chromium.org \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=jannh@google.com \
--cc=jeffv@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpdenton@google.com \
--cc=palmer@google.com \
--cc=rsesek@google.com \
--cc=sargun@sargun.me \
--cc=tycho@tycho.ws \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.