Date:   Fri, 7 Jun 2019 11:14:52 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Wang Shilong <wshilong@....com>
Cc:     Wang Shilong <wangshilong1991@...il.com>,
        "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>,
        "linux-f2fs-devel@...ts.sourceforge.net" 
        <linux-f2fs-devel@...ts.sourceforge.net>,
        Andreas Dilger <adilger@...ger.ca>
Subject: Re: Reply: [f2fs-dev] [PATCH 1/2]
 ext4: only set project inherit bit for directory

On Fri, Jun 07, 2019 at 07:51:18AM +0000, Wang Shilong wrote:
> Hi,
> 
> > --
> > 2.21.0
> 
> Won't this break 'chattr' on files that already have this flag set?
> FS_IOC_GETFLAGS will return this flag, so 'chattr' will pass it back to
> FS_IOC_SETFLAGS which will return EOPNOTSUPP due to this:
> 
>         if (ext4_mask_flags(inode->i_mode, flags) != flags)
>                 return -EOPNOTSUPP;
> 
> >>>>
> 
> You are right about this, and we also need to take care of this in EXT4_IOC_FSSETXATTR/
> This is a bit strange behavior, as chattr reads existing flags
> but could not set them again. There are several possible ways that I could think
> of to fix the issue:
> 
> 1) change chattr to filter the Project inherit bit before calling FS_IOC_SETFLAGS
> 
> 2) we automatically fix the flag before the mask check, something like:
> if reg:
>      flags &= ~PROJECT_INHERT;
>       if (ext4_mask_flags(inode->i_mode, flags) != flags)
>                 return -EOPNOTSUPP;
> But this might not be good.
> 
> I would prefer solution 1)
> What do you think?

Existing versions of chattr can't be changed, and people don't necessarily
upgrade the kernel and e2fsprogs at the same time.  So (1) wouldn't really work.

A better solution might be to make FS_IOC_GETFLAGS and FS_IOC_FSGETXATTR never
return the project inherit flag on regular files.

- Eric
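
The round trip discussed in this message, as an added userspace model that is not code from the thread or from the kernel: it shows the chattr-style read-modify-write failing with EOPNOTSUPP on a regular file that already carries the flag, and succeeding once the get side filters it. The `model_*` names are hypothetical, and the mask behaviour (project inherit accepted on directories only) is an assumption about the patch under review.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model; not kernel code. Flag values as in <linux/fs.h>. */
#define FS_NODUMP_FL      0x00000040u
#define FS_PROJINHERIT_FL 0x20000000u

enum model_type { MODEL_REG, MODEL_DIR };            /* hypothetical */
struct model_inode { enum model_type type; uint32_t flags; };

/* Assumed post-patch mask: project inherit is valid on directories only. */
static uint32_t model_mask_flags(enum model_type type, uint32_t flags)
{
    return type == MODEL_DIR ? flags : (flags & ~FS_PROJINHERIT_FL);
}

/* Models FS_IOC_GETFLAGS; filter != 0 applies the suggestion from the reply. */
static uint32_t model_getflags(const struct model_inode *ino, int filter)
{
    uint32_t flags = ino->flags;
    if (filter && ino->type == MODEL_REG)
        flags &= ~FS_PROJINHERIT_FL;
    return flags;
}

/* Models FS_IOC_SETFLAGS with the mask check quoted in the thread. */
static int model_setflags(struct model_inode *ino, uint32_t flags)
{
    if (model_mask_flags(ino->type, flags) != flags)
        return -EOPNOTSUPP;
    ino->flags = flags;
    return 0;
}

/* chattr-style read-modify-write: read all flags, add one, write all back. */
static int model_chattr_add(struct model_inode *ino, uint32_t add, int filter)
{
    return model_setflags(ino, model_getflags(ino, filter) | add);
}

int main(void)
{
    /* Constructed input: regular file that already carries the flag. */
    struct model_inode a = { MODEL_REG, FS_PROJINHERIT_FL }, b = a;
    printf("unfiltered GETFLAGS: %d\n", model_chattr_add(&a, FS_NODUMP_FL, 0));
    printf("filtered GETFLAGS:   %d\n", model_chattr_add(&b, FS_NODUMP_FL, 1));
    return 0;
}
```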