| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Apr 2016 15:05:21 -0500 From: ebiederm@...ssion.com (Eric W. Biederman) To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "H. Peter Anvin" <hpa@...or.com>, One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>, Peter Hurley <peter@...leysoftware.com>, Greg KH <greg@...ah.com>, Jiri Slaby <jslaby@...e.com>, Aurelien Jarno <aurelien@...el32.net>, Andy Lutomirski <luto@...capital.net>, Florian Weimer <fw@...eb.enyo.de>, Al Viro <viro@...iv.linux.org.uk>, Serge Hallyn <serge.hallyn@...ntu.com>, Jann Horn <jann@...jh.net>, "security\@kernel.org" <security@...nel.org>, "security\@ubuntu.com \>\> security" <security@...ntu.com>, security@...ian.org, Willy Tarreau <w@....eu>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 01/13] devpts: Teach /dev/ptmx to find the associated devpts via path lookup Linus Torvalds <torvalds@...ux-foundation.org> writes: > On Sat, Apr 9, 2016 at 3:37 PM, H. Peter Anvin <hpa@...or.com> wrote: >> >> On the flipside, if we were to allow ourselves to break userspace, at this point I would suggest making /dev/pts/ptmx have a different device number and make the legacy /dev/ptmx print a warning message, after which it can at least eventually be deleted. > > You don't need a different device number. > > The /dev/pts/ptmx file may look like it's the same node as /dev/ptmx, > but it is trivial to recognize as the pts one: > > if (dentry->d_sb->s_magic == DEVPTS_SUPER_MAGIC) > > and you're done. We can actually do better and set f_ops in devpts and bypass the whole lookup by device number. In my pile of cleanups that are waiting for the mess to resolve I actually have a patch that does that for the slave ttys. > > But nobody actually uses /dev/pts/ptmx, because it has never had sane > permissions. Now that is an interesting misconception to see. There is actually a lot more software that uses /dev/pts/ptmx (with a symlink from /dev/ptmx or a bind mount to /dev/ptmx) than there is that actually needs the new compatibility behavior. Carefully written and maintained container software like lxc and docker do use "-o newinstance". Fixing the permissions and redirecting the /dev/ptmx path to /dev/pts/ptmx are not a problem when you know you are setting up a special environment. It is the one off sloppily created automation scripts like xen-create-image that gets this wrong. I say sloppily created as in practice every mount of devpts needs "-o gid=5,mode=620". If xen-create-image and related software had gotting those mount options correct pt_chown could have been done away with, with no one noticing a long time ago. Those sloppy pieces of code are probably the things we want to break least as they work after their fasion and whoever wrote them is likely long gone. So I would be surprised if there was anyone to pick up the pieces if we break them. > But when we fix bad semantics (and always just looking up the initial > pts mount really is crazy semantics) that doesn't mean that we have to > bend over backwards to not make the changed semantics visible. We > don't _break_ user space, but we also don't care about some random > test-program that checks for particular semantics. No. Bending over backwards as you call it just makes the software test matrix smaller. That part is now settled in my book and those extra permission checks will not be in the next version of this patchset. Eric
Powered by blists - more mailing lists