On Sat, May 30, 2020 at 03:58:27PM +0200, Christian Brauner wrote:
> On Sat, May 30, 2020 at 05:17:24AM +0200, Jann Horn wrote:
> > On Sat, May 30, 2020 at 4:43 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> > > I mean, yes, that's certainly better, but it just seems a shame that
> > > everyone has to do the get_unused/put_unused dance just because of how
> > > SCM_RIGHTS does this weird put_user() in the middle.
> > >
> > > Can anyone clarify the expected failure mode from SCM_RIGHTS? Can we
> > > move the put_user() after instead?
> >
> > Honestly, I think trying to remove file descriptors and such after
> > -EFAULT is a waste of time. If userspace runs into -EFAULT, userspace
> [...]
>
> There's really no point in trying to save a broken scm message imho.

Right -- my concern is about stuffing a fd into a process without it
knowing (this is likely an overly paranoid concern, given that if the
process is getting EFAULT at the end of a list of fds, all the prior
ones will be installed too..)

--
Kees Cook