From: "Mickaël Salaün" <mic@digikod.net>
To: Richard Weinberger <richard@nod.at>,
Tristan Schmelcher <tschmelcher@google.com>
Cc: linux-kernel@vger.kernel.org, Jeff Dike <jdike@addtoit.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
user-mode-linux-devel
<user-mode-linux-devel@lists.sourceforge.net>,
user-mode-linux-user@lists.sourceforge.net
Subject: Re: [PATCH v2 1/2] um: Set secure access mode for temporary file
Date: Thu, 10 Dec 2015 00:58:28 +0100 [thread overview]
Message-ID: <5668C024.2020803@digikod.net> (raw)
In-Reply-To: <56674F91.8050108@nod.at>
[-- Attachment #1: Type: text/plain, Size: 1055 bytes --]
On 08/12/2015 22:45, Richard Weinberger wrote:
> Am 08.12.2015 um 21:37 schrieb Tristan Schmelcher:
>> On 6 December 2015 at 09:43, Mickaël Salaün <mic@digikod.net> wrote:
>>> Well, I'm concerned to use umask because it is not thread-safe and drivers may use create_mem_file() in a multi-theaded context.
>>
>> You are right. We should perhaps set the umask to 0700 permanently
>> during process start. But I am not sure if this will interfere with
>> other UML code.
>
> It *should* not hurt. Let's see what explodes. :)
We can't force the kernel process umask without breaking compatibility with current implementation, especially with hostfs (i.e. the host umask prevail the guest one).
>>> I prefer to stick to fchmod and handle the race-condition with O_TMPFILE unsell someone is sure that this will not create bugs :)
>>
>> The fchmod call is basically useless and should probably be removed.
>
> I agree.
I propose then to simply remove the fchmod call and let the O_TMPFILE flag do the magic :)
Regards,
Mickaël
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]
next prev parent reply other threads:[~2015-12-09 23:58 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-29 14:03 [PATCH v2 0/2] um: Protect memory mapped file Mickaël Salaün
2015-11-29 14:03 ` Mickaël Salaün
2015-11-29 14:03 ` [PATCH v2 1/2] um: Set secure access mode for temporary file Mickaël Salaün
2015-11-29 14:03 ` Mickaël Salaün
2015-12-04 17:13 ` Tristan Schmelcher
2015-12-06 11:32 ` Mickaël Salaün
2015-12-06 11:57 ` Mickaël Salaün
2015-12-06 14:43 ` Mickaël Salaün
2015-12-08 20:37 ` Tristan Schmelcher
2015-12-08 20:37 ` Tristan Schmelcher
2015-12-08 21:45 ` [uml-devel] " Richard Weinberger
2015-12-08 21:45 ` Richard Weinberger
2015-12-09 23:58 ` Mickaël Salaün [this message]
2015-11-29 14:03 ` [PATCH v2 2/2] um: Use race-free temporary file creation Mickaël Salaün
2015-11-29 14:03 ` Mickaël Salaün
2015-12-04 17:26 ` Tristan Schmelcher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5668C024.2020803@digikod.net \
--to=mic@digikod.net \
--cc=gregkh@linuxfoundation.org \
--cc=jdike@addtoit.com \
--cc=linux-kernel@vger.kernel.org \
--cc=richard@nod.at \
--cc=tschmelcher@google.com \
--cc=user-mode-linux-devel@lists.sourceforge.net \
--cc=user-mode-linux-user@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.