lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 28 Mar 2024 21:42:32 +0100
From: Joel Granados <j.granados@...sung.com>
To: Thomas Weißschuh <linux@...ssschuh.net>
CC: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, Dmitry Torokhov <dmitry.torokhov@...il.com>, "Eric W.
 Biederman" <ebiederm@...ssion.com>, <netdev@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, Luis Chamberlain <mcgrof@...nel.org>,
	Kuniyuki Iwashima <kuniyu@...zon.com>, <stable@...r.kernel.org>
Subject: Re: [PATCH v2] fs/proc/proc_sysctl.c: always initialize i_uid/i_gid

On Fri, Mar 22, 2024 at 08:51:11PM +0100, Thomas Weißschuh wrote:
> Commit e79c6a4fc923 ("net: make net namespace sysctls belong to container's owner")
> added default values for i_uid/i_gid.
> These however are only used when ctl_table_root->set_ownership is not
> implemented.
> But the callbacks themselves could fail to compute i_uid/i_gid and they
> all need to have the same fallback logic for this case.
All this text is related to commit e79c6a4fc923; which is not the one at
fault. I think mentioning e79c6a4fc923 here is incorrect. Please mention
5ec27ec735ba0 ("fs/proc/proc_sysctl.c: fix the default values of
i_uid/i_gid on /proc/sys inodes") and how it missed adjusting
net_ctl_set_ownership when it was committed.

> 
> This is unnecessary code duplication and prone to errors.
> For example net_ctl_set_ownership() missed the fallback.
This paragraph can be dropped

> 
> Instead always initialize i_uid/i_gid inside the sysfs core so
> set_ownership() can safely skip setting them.
> 
> Fixes: e79c6a4fc923 ("net: make net namespace sysctls belong to container's owner")
Why did you leave this? Do you disagree with my comment in
https://lore.kernel.org/all/20240319130716.vne4nhb3mbwtabfb@joelS2.panther.com/?

> Cc: stable@...r.kernel.org
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> ---
> Changes in v2:
> - Move the fallback logic to the sysctl core
> - Link to v1: https://lore.kernel.org/r/20240315-sysctl-net-ownership-v1-1-2b465555a292@weissschuh.net
> ---
>  fs/proc/proc_sysctl.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index 37cde0efee57..9e34ab9c21e4 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -479,12 +479,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb,
>  			make_empty_dir_inode(inode);
>  	}
>  
> +	inode->i_uid = GLOBAL_ROOT_UID;
> +	inode->i_gid = GLOBAL_ROOT_GID;
>  	if (root->set_ownership)
>  		root->set_ownership(head, table, &inode->i_uid, &inode->i_gid);
> -	else {
> -		inode->i_uid = GLOBAL_ROOT_UID;
> -		inode->i_gid = GLOBAL_ROOT_GID;
> -	}
>  
>  	return inode;
>  }
> 
> ---
> base-commit: ff9c18e435b042596c9d48badac7488e3fa76a55
Now that v6.9-rc1 is out, I would rebase your next version there.


The change looks good, but the commit message still needs work.
-- 

Joel Granados

Download attachment "signature.asc" of type "application/pgp-signature" (660 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ