Linus Torvalds <torva...@linux-foundation.org> writes:

> On Fri, Apr 8, 2016 at 11:51 AM, Eric W. Biederman
> <ebied...@xmission.com> wrote:
>>
>> Given that concern under the rule we don't break userspace we have to
>> check the permissions of /dev/pts/ptmx when we are creating a new pty,
>> on an instance of devpts that was created with newinstance.
>
> The rule is that we don't break existing installations.
>
> If somebody has root and installs a "ptmx" node in an existing mount
> space next to a pts subdirectory, that's not a security issue, nor is
> it going to break any existing installation.

Anyone can do that with "mount --bind". All it takes is root in a user
namespace. I can get root in a user namespace as no one special.

So someone may have set such a thing up, and it may now be possible to
defeat such a regime as anyone. In practice I suspect all such cases
are handled by actually hiding the mount of devpts in another mount
namespace.

> The whole point of the patch is that yes, we change semantics. A
> change of semantics means that people will see situations where the
> behavior is different. But that's not "breaking user space", that's
> just "ok, you can see a difference".

If we don't want to care about this case, and if someone complains about
a security regression re-add my permission checks I am fine with that.
But I don't want to let a possibility of breaking someone (that I don't
know how to test for, and would be silent breakage) slip through.

Eric
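
An added example, not part of the original message or of the kernel's code: an administrator's audit that lists devpts instances, the mode of each instance's pts/ptmx node, and bind mounts of a ptmx node, by parsing mountinfo. Assumptions: the `ptmxmode=` super option is present in mountinfo, the sample lines and the `/srv/jail` paths are constructed, and "restricted" (pts/ptmx not openable read-write by everyone) is a criterion chosen here for illustration.

```python
import os

# Constructed sample in /proc/<pid>/mountinfo format, not captured from a real host.
SAMPLE = """\
22 27 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
95 80 0:45 / /srv/jail/dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
96 80 0:45 /ptmx /srv/jail/dev/ptmx rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
30 27 0:5 / /proc rw,relatime - proc proc rw
"""

def devpts_mounts(text):
    """Return one dict per devpts entry found in mountinfo-formatted text."""
    found = []
    for line in text.splitlines():
        # Fields left of " - " are per-mount, fields right of it are per-superblock.
        left, sep, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        if not sep or len(lf) < 6 or len(rf) < 3 or rf[0] != "devpts":
            continue
        opts = dict(o.partition("=")[::2] for o in rf[2].split(","))
        mode = int(opts["ptmxmode"], 8) if "ptmxmode" in opts else None
        found.append({
            "dev": lf[2],          # major:minor identifies the devpts instance
            "root": lf[3],         # "/" for the instance, "/ptmx" for a bound node
            "mountpoint": lf[4],
            "ptmxmode": mode,
            # Assumed criterion: pts/ptmx is not read-write for "other".
            "restricted": mode is not None and (mode & 0o006) != 0o006,
        })
    return found

def report(text):
    """Format one human-readable line per devpts entry."""
    lines = []
    for m in devpts_mounts(text):
        kind = "bind of ptmx node" if m["root"] == "/ptmx" else "instance"
        mode = "unknown" if m["ptmxmode"] is None else format(m["ptmxmode"], "03o")
        note = " (pts/ptmx not world-openable)" if m["restricted"] else ""
        lines.append(f'{m["mountpoint"]}: {kind}, dev {m["dev"]}, ptmxmode={mode}{note}')
    return lines

if __name__ == "__main__":
    path = "/proc/self/mountinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    print("\n".join(report(text)))
```

Entries that share a `dev` value belong to the same devpts instance, so a restricted instance that also shows up under a second mount point is the arrangement worth reviewing by hand.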