On Fri, Nov 06, 2015 at 09:05:57PM -0800, Kees Cook wrote: > >>>> They're certainly not used early enough -- we need to remove suid when > >>>> the page becomes writable via mmap (wp_page_shared), not when > >>>> writeback happens, or at least not only when writeback happens. > >>> > >>> Well, I'm shy about the change there. For example, we don't strip in > >>> on open(RDWR), just on write(). > >> > >> I take it back. Hooking wp_page_shared looks expensive. :) Maybe we do > >> need to hook the mmap? > > > > But file_update_time already pokes at the same (or nearby) cachelines, > > I think -- why would it be expensive? The whole thing could be > > guarded by if (unlikely(is setuid)), right? > > Yeah, true. I added file_remove_privs calls near all the > file_update_time calls, to no effect. Added to wp_page_shared too, > nothing. Hmmm. Why not put the the should_remove_suid() call in filemap_page_mkwrite(), or maybe do_page_mkwrite()? Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
