> On Jul 12, 2018, at 1:23 PM, David Howells <dhowe...@redhat.com> wrote:
> Linus Torvalds <torva...@linux-foundation.org> wrote:
>> Don't play games with override_creds. It's wrong.
>> You have to use file->f_creds - no games, no garbage.
> You missed the point.

> My suggestion was to use override_creds() to impose the appropriate creds at
> the top, be that file->f_creds or fs_context->creds (they would be the same in
> any case).

I think it should be a new syscall and use current’s creds. No override needed.

> Btw, do we protect sysfs, debugfs, tracefs, procfs, etc. writes against
> splice?  Some of the things in debugfs are really icky, allowing you to muck
> directly with hardware.

We try. It has been a perennial source of severe bugs.

This is part of why I’d like to see splice() be an opt in. Also, it’s a major 
step toward getting rid of set_fs().

Reply via email to