| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161129162132.xv66ojffxn7gxllr@thunk.org> Date: Tue, 29 Nov 2016 11:21:32 -0500 From: Theodore Ts'o <tytso@....edu> To: Jan Kara <jack@...e.cz> Cc: linux-ext4@...r.kernel.org Subject: Re: [PATCH 2/3] ext4: Be more strict when verifying flags set via SETFLAGS ioctls On Thu, Oct 06, 2016 at 01:04:33PM +0200, Jan Kara wrote: > Currently we just silently ignore flags that we don't understand (or > that cannot be manipulated) through EXT4_IOC_SETFLAGS and > EXT4_IOC_FSSETXATTR ioctls. This makes it problematic for the unused > flags to be used in future (some app may be inadvertedly setting them > and we won't notice until the flag gets used). Also this is inconsistent > with other filesystems like XFS or BTRFS which return EOPNOTSUPP when > they see a flag they cannot set. > > ext4 has the additional problem that there are flags which are returned > by EXT4_IOC_GETFLAGS ioctl but which cannot be modified via > EXT4_IOC_SETFLAGS. So we have to be careful to ignore value of these > flags and not fail the ioctl when they are set (as e.g. chattr(1) passes > flags returned from EXT4_IOC_GETFLAGS to EXT4_IOC_SETFLAGS without any > masking and thus we'd break this utility). > > Signed-off-by: Jan Kara <jack@...e.cz> Thanks, applied. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists