> On Jul 12, 2018, at 1:23 PM, David Howells <dhowells@xxxxxxxxxx> wrote: > > Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > >> Don't play games with override_creds. It's wrong. >> >> You have to use file->f_creds - no games, no garbage. > > You missed the point. > > > My suggestion was to use override_creds() to impose the appropriate creds at > the top, be that file->f_creds or fs_context->creds (they would be the same in > any case). I think it should be a new syscall and use current’s creds. No override needed. > Btw, do we protect sysfs, debugfs, tracefs, procfs, etc. writes against > splice? Some of the things in debugfs are really icky, allowing you to muck > directly with hardware. > We try. It has been a perennial source of severe bugs. This is part of why I’d like to see splice() be an opt in. Also, it’s a major step toward getting rid of set_fs().
