From: Linus Torvalds <torva...@linux-foundation.org> Date: Wed, 19 Nov 2014 12:40:53 -0800
> On Wed, Nov 19, 2014 at 12:31 PM, David Miller <da...@davemloft.net> wrote: >> >> But that is just my opinion, and yes I do acknowledge that we've had >> serious holes in this area in the past. > > The serious holes have generally been exactly in the "upper layers > already check" camp, and then it turns out that some odd ioctl or > other thing ends up doing something odd and interesting. > > If Al has actual performance profiles showing that the access_ok() is > a real problem, then fine. As a low-level optimization, I agree with > it. But not as a "let's just drop them, and make the security rules be > non-local and subtle, and require people to know the details of the > whole call-chain". > > Seeing a "__get_user()" and just being able to glance up in the same > function and seeing the "access_ok()" is just a good safety net. And > means that people don't have to waste time thinking about or looking > for where the hell the security net really is. Fair enough. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
