From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Morton Subject: Re: [PATCH v3] fs: introduce pipe-only dump mode suid_dumpable=3 Date: Fri, 22 Jun 2012 15:20:29 -0700 Message-ID: <20120622152029.638ade70.akpm@linux-foundation.org> References: <20120622192413.GA5774@www.outflux.net> <20120622125551.269552c2.akpm@linux-foundation.org> <20120622143435.c1ba744e.akpm@linux-foundation.org> <20120622145711.d7f720cd.akpm@linux-foundation.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: linux-kernel@vger.kernel.org, Alan Cox , "Eric W. Biederman" , Alexander Viro , Rob Landley , Ingo Molnar , Peter Zijlstra , Doug Ledford , Marcel Holtmann , Serge Hallyn , Joe Korty , David Howells , James Morris , linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org To: Kees Cook Return-path: In-Reply-To: Sender: linux-doc-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Fri, 22 Jun 2012 15:07:45 -0700 Kees Cook wrote: > mode=2 to disk _should_ break, is my point. And my point is that we should at least tell people that we broke it. I don't believe that returning an EINVAL from the write() is sufficient. Because it introduces a high risk that people will run misconfigured systems for lengthy periods and it will cause them to have to do a *lot* of work once they discover that their system is misbehaving. So if we really really must instabreak back-compatibility, we should shout loudly into syslog about it: tell people that their system is broken and tell them what to do about it. And we should explain and justify this extraordinary action in the patch changelog.