From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932898AbcFBVfd (ORCPT ); Thu, 2 Jun 2016 17:35:33 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:36411 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932565AbcFBVfc (ORCPT ); Thu, 2 Jun 2016 17:35:32 -0400 From: ebiederm@xmission.com (Eric W. Biederman) To: "H. Peter Anvin" Cc: Linus Torvalds , Greg KH , Peter Hurley , Andy Lutomirski , security@debian.org, "security\@kernel.org" , Al Viro , "security\@ubuntu.com \>\> security" , Serge Hallyn , Willy Tarreau , Aurelien Jarno , One Thousand Gnomes , Jann Horn , Linux Kernel Mailing List , Jiri Slaby , Florian Weimer , Konstantin Khlebnikov References: <87oa95gevf.fsf_-_@x220.int.ebiederm.org> <87mvoo8h3d.fsf@x220.int.ebiederm.org> <87fuug5i6r.fsf_-_@x220.int.ebiederm.org> <874mabt3df.fsf_-_@x220.int.ebiederm.org> <20160506193547.GA30024@kroah.com> <572CF43D.2020708@hurleysoftware.com> <20160506195459.GB27790@kroah.com> <878tyn4nis.fsf_-_@x220.int.ebiederm.org> <87porzuys7.fsf@x220.int.ebiederm.org> <94ee92fa-b07b-af9f-c631-18e96a0a465c@zytor.com> Date: Thu, 02 Jun 2016 16:23:36 -0500 In-Reply-To: <94ee92fa-b07b-af9f-c631-18e96a0a465c@zytor.com> (H. Peter Anvin's message of "Thu, 2 Jun 2016 13:36:55 -0700") Message-ID: <87a8j3thd3.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-AID: U2FsdGVkX18wNO3pvbKmtFcyFZVz3QIpshf+uN6xEcU= X-SA-Exim-Connect-IP: 67.3.226.120 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.7 XMSubLong Long Subject * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa04 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa04 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;"H. Peter Anvin" X-Spam-Relay-Country: X-Spam-Timing: total 993 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 3.6 (0.4%), b_tie_ro: 2.6 (0.3%), parse: 0.71 (0.1%), extract_message_metadata: 11 (1.1%), get_uri_detail_list: 0.81 (0.1%), tests_pri_-1000: 5 (0.5%), tests_pri_-950: 1.12 (0.1%), tests_pri_-900: 0.96 (0.1%), tests_pri_-400: 21 (2.1%), check_bayes: 20 (2.0%), b_tokenize: 6 (0.6%), b_tok_get_all: 7 (0.7%), b_comp_prob: 1.71 (0.2%), b_tok_touch_all: 3.1 (0.3%), b_finish: 0.75 (0.1%), tests_pri_0: 940 (94.7%), check_dkim_signature: 0.71 (0.1%), check_dkim_adsp: 4.7 (0.5%), tests_pri_500: 7 (0.7%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH tty-next] devpts: Make each mount of devpts an independent filesystem. X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "H. Peter Anvin" writes: > On 06/02/16 13:22, Eric W. Biederman wrote: >> >> The problem with lookup_one_len_unlocked is that it still calls >> inode_permission. >> >> As per previous discussions we don't want the path based permission >> checks involved in that lookup. >> > > Is it that we don't *want* it, or that we don't *need* it? In the > latter case, we could just do whatever makes the code simpler, no? We certainly don't need the permission check. Keeping the permission check appears to introduce an inconsistency between what make sense for the code to do and what the code actually does that only matters once in a blue moon. That weirdness will probably cause an issue for someone sometime that will take forever to track down, because no one will be expecting it. So in my opinion the code will be much more maintainable if we don't include user visible behaviors that will violate peoples simple mental model of how the code behaves. Eric