On Wed, Jul 18, 2018 at 2:27 PM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> As I may have said, I have tried modifying the kernel to pass the cred pointer
> down.

It should always be there in the 'struct file *'.

Now, we may have some broken stuff that passes only inodes down, but
they probably really should be fixed.

> The drivers and ioctl() implementations are/were particularly nasty in
> this respect. So many of them were doing checks against the current thread,
> not f_cred.

So ioctl() may be ok, simply because at least you shouldn't be able to
fool suid programs to do ioctl's on untrusted file descriptors.

So using current_cred() is still technically very wrong, but it's
probably not a huge problem in practice.

Now, if there's some cachefs kind of "do ioctl at the behest of
somebody else", then *that* would be a problem. I'm hoping there
isn't.

              Linus
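A simplified userspace model of the f_cred versus current_cred() distinction discussed in this message, added here as an example and not code from the kernel or from either author. The struct and function names are hypothetical, and the single `privileged` flag is a constructed stand-in for a real credential check.

```c
/* Userspace model, constructed for illustration; not kernel code.
 * model_cred, model_file and the functions below are hypothetical names. */
#include <stdbool.h>
#include <stdio.h>

struct model_cred { bool privileged; };

/* Like 'struct file', the model keeps the opener's credentials (f_cred). */
struct model_file { const struct model_cred *f_cred; };

/* Check against whoever is calling right now (the current_cred() pattern). */
static bool allow_by_current(const struct model_file *f,
                             const struct model_cred *caller)
{
    (void)f;
    return caller->privileged;
}

/* Check against the credentials captured when the file was opened. */
static bool allow_by_f_cred(const struct model_file *f,
                            const struct model_cred *caller)
{
    (void)caller;
    return f->f_cred->privileged;
}

/* Scenario: 'opener' opens the file, 'caller' later operates on the same
 * descriptor (inherited or passed). Returns the check's decision. */
bool decide(bool opener_priv, bool caller_priv, bool use_f_cred)
{
    const struct model_cred opener = { opener_priv };
    const struct model_cred caller = { caller_priv };
    const struct model_file f = { &opener };
    return use_f_cred ? allow_by_f_cred(&f, &caller)
                      : allow_by_current(&f, &caller);
}

int main(void)
{
    /* Unprivileged opener, privileged (e.g. suid) caller on the same fd. */
    printf("current-based check allows: %d\n", decide(false, true, false));
    printf("f_cred-based check allows:  %d\n", decide(false, true, true));
    /* Opener and caller with equal privilege: both checks agree. */
    printf("checks agree: %d\n",
           decide(false, false, false) == decide(false, false, true));
    return 0;
}
```

The two checks only diverge when the descriptor is used by a different party than the one that opened it, which is the "at the behest of somebody else" case the message singles out.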