On Fri, 3 Jul 2020 10:44:22 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote: > When making access control choices from a file-based context, f_cred > must be used instead of current_cred() to avoid confused deputy attacks > where an open file may get passed to a more privileged process. Add a > short paragraph to explicitly state the rationale. > > Cc: Jonathan Corbet <corbet@xxxxxxx> > Cc: linux-doc@xxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > I forgot to include this patch in my kallsyms_show_value() f_cred series: > https://lore.kernel.org/lkml/20200702232638.2946421-1-keescook@xxxxxxxxxxxx/ > I can either take this in that series, or it can go via docs? > --- > Documentation/security/credentials.rst | 4 ++++ > 1 file changed, 4 insertions(+) I've applied it, thanks. jon
