On Wed, Jul 18, 2018 at 11:13 AM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> Linus, David - do you have any objections to the above?
I damn well do.
I explained earlier why it's wrong and fragile, and why it can just
cause the *reverse* security problem if you do it wrong. So now you
take a subtle bug, and make it even more subtle, and encourage people
to do this known-broken model of using creds at IO time.
No.
Some debugging option to just clear current->creds entirely and catch
mis-uses, sure. But saying "we have shit buggy garbage in random write
functions, so we'll just paper over it"? No.
Linus
