From: Al Viro <viro@ZenIV.linux.org.uk>
To: Djalal Harouni <tixxdz@opendz.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-fsdevel@vger.kernel.org,
kernel-hardening@lists.openwall.com, tixxdz@gmail.com
Subject: Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred
Date: Thu, 26 Sep 2013 03:42:34 +0100
Message-ID: <20130926024234.GE13318@ZenIV.linux.org.uk>
In-Reply-To: <1380140085-29712-5-git-send-email-tixxdz@opendz.org>

On Wed, Sep 25, 2013 at 09:14:37PM +0100, Djalal Harouni wrote:
> The f_cred field of the file struct contains the cred of current at
> open time. This field can be used to get the context of open, and track
> current's cred changes after.
>
> The procfs is one of those fs that need to track current cred changes
> in order to implement proper permission checks on each system call.
>
> The procfs makes use of seq_file struct and its iterators to step through
> /proc objects. These iterators and seq_file helpers must be able to
> access the file->f_cred to perform various permission checks at any
> time.
>
> Therefore add the f_cred field to the seq_file struct and a helper
> seq_f_cred() to return it.

NAK. This is completely irrelevant for most of seq_file users and it simply
does not belong in struct seq_file.