Removal of the kernel code/data/bss resources does break kexec/kdump


 



On Thu, Apr 14, 2016 at 4:07 AM, Emrah Demir <ed at abdsec.com> wrote:
>
> Kees Cook proposed to write a %pK formatted patch. This would solve most of
> the problems.

Actually, %pK is horrible in /proc and /sys files, and does the wrong thing.

It uses the current creds for deciding what to do, which is exactly
the wrong thing (for all the usual reasons) for a file access from a
security standpoint. Sadly, almost every use of %pK gets this wrong.
Thankfully, it's much less of a problem for reads than for writes, but
it's still wrong.

A file access should use "file->f_cred", but the seq_file interface
sadly doesn't expose any way to do that.

I'll take a look, but it's non-trivial to get right. %pK turns out to
have been seriously mis-designed, and is basically almost always a
bug.

          Linus
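
The distinction drawn in the message above, as an added userspace C model (not kernel code and not part of the original e-mail): one open file is read while a different task is running, and the two decision rules disagree. `struct cred` and `f_cred` only mimic the kernel names; `cap_syslog`, `current_cred_model`, `open_model`, `show_ptr_current`, `show_ptr_fcred` and `scenario` are hypothetical, with a single boolean standing in for whatever privilege check gates the pointer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: the structs mimic kernel names, nothing here is kernel code. */
struct cred { unsigned uid; bool cap_syslog; };  /* cap_syslog: assumed stand-in privilege */
struct file { const struct cred *f_cred; };      /* creds captured when the file was opened */

static const struct cred *current_cred_model;    /* models the task running right now */

static struct file open_model(void)
{
    struct file f = { .f_cred = current_cred_model };
    return f;
}

/* Decision keyed on the task that is current when the value is formatted. */
static uintptr_t show_ptr_current(uintptr_t ptr)
{
    return current_cred_model->cap_syslog ? ptr : 0;
}

/* Decision keyed on the creds that opened the file, as the message argues. */
static uintptr_t show_ptr_fcred(const struct file *f, uintptr_t ptr)
{
    return f->f_cred->cap_syslog ? ptr : 0;
}

/* Constructed scenario: opened without privilege, read by a privileged task. */
static void scenario(uintptr_t *via_current, uintptr_t *via_fcred)
{
    static const struct cred user = { .uid = 1000, .cap_syslog = false };
    static const struct cred root = { .uid = 0, .cap_syslog = true };
    const uintptr_t kaddr = 0x12345678;  /* constructed sample value */

    current_cred_model = &user;
    struct file f = open_model();        /* f.f_cred is the unprivileged opener */
    current_cred_model = &root;          /* the read runs in another task */
    *via_current = show_ptr_current(kaddr);
    *via_fcred = show_ptr_fcred(&f, kaddr);
}

int main(void)
{
    uintptr_t a, b;
    scenario(&a, &b);
    printf("current creds: %#lx\nfile->f_cred:  %#lx\n", (unsigned long)a, (unsigned long)b);
    return 0;
}
```

The check on the current task returns the pointer value although the file was opened without the privilege; the check on the opener's creds returns zero no matter which task performs the read.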


