lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 3 Aug 2015 00:27:58 -0500
From:	Tyler Hicks <tyhicks@...onical.com>
To:	Richard Weinberger <richard@....at>
Cc:	ecryptfs@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [RFC][PATCH] ecryptfs: Allow only one instance per lower path

On 2015-08-02 09:51:16, Richard Weinberger wrote:
> Am 02.08.2015 um 03:03 schrieb Tyler Hicks:
> > Thanks for the report and for the patch, Richard!
> > 
> > On 2015-07-31 12:23:10, Richard Weinberger wrote:
> >> Mounting the same lower path multiple times should not result
> >> into multiple ecryptfs instances, otherwise ecryptfs gets confused.
> >>
> >> A command sequence of:
> > 
> > An important detail that took me a while to realize is that /tmp should
> > be tmpfs in order to trigger the warnings below. I was unable to
> > reproduce the warnings with ext4 as the lower filesystem.
> 
> Hmm, I saw it with UBIFS found that it triggers with tmpfs too.
> I gave ext4 a quick try and yes, it behaves differently, I get
> a EIO upon the second unlink().
> 
> >> $ mount -t ecryptfs /tmp/.secret /mnt_a/secret/
> >> $ mount -t ecryptfs /tmp/.secret /mnt_b/secret/
> >> $ mkdir -p /mnt_a/secret/xxx
> >> $ mkdir -p /mnt_b/secret/xxx
> > 
> > Note that the -p option is covering up the fact that /mnt_b/secret/xxx
> > already exists. Remove that option and you should see this error:
> > 
> >   mkdir: cannot create directory ‘/mnt_b/secret/xxx’: File exists
> > 
> > This really isn't important other than understanding that the second
> > mkdir it isn't needed.
> > 
> >> $ echo foo > /mnt_a/secret/xxx/test.txt
> >> $ echo foo > /mnt_b/secret/xxx/test.txt
> > 
> > /mnt_b/secret/xxx/test.txt should already exist (it does for me, at
> > least) so the same file is being written to twice in a row. Again, not
> > really important other than to know that it isn't needed.
> > 
> >> $ rm -rf /mnt_a/secret/xxx
> >> $ rm -rf /mnt_b/secret/xxx
> > 
> > The /mnt_b/secret/xxx dcache entry is stale here because the underlying
> > file was removed by the first rm command in the /mnt_a/secret mount. The
> > lower inode's nlink is 0 at this point and what should be happening
> > here, I think, is that the eCryptfs dentry should be invalidated and the
> > eCryptfs inode should be destroyed.
> > 
> > I think that the proper fix is to catch this condition in
> > ecryptfs_d_revalidate(). I've started working on coming up with a patch
> > for that but I'll need some more time to finish and test it.
> 
> So ecryptfs definitely supports mounting the same lower path multiple times?
> What is the benefit of that behavior?

No, it doesn't support that in a way that provides consistency among all
of the eCryptfs mounts.

However, multiple mounts on the same lower path is not the cause of this
bug. The real issue is a stale dcache entry when the lower filesystem
has been modified without eCryptfs' knowing. I can trigger the same
warnings with only a single eCryptfs mount.

Tyler
> 
> Thanks,
> //richard

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ