lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240221214626.GB633176@mit.edu>
Date: Wed, 21 Feb 2024 16:46:26 -0500
From: "Theodore Ts'o" <tytso@....edu>
To: Jan Kara <jack@...e.cz>
Cc: JunChao Sun <sunjunchao2870@...il.com>,
        Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: A problem about BLK_OPEN_RESTRICT_WRITES

On Wed, Feb 21, 2024 at 05:19:54PM +0100, Jan Kara wrote:
> 
> No. Cases like above are the reason why there's still a config option
> CONFIG_BLK_DEV_WRITE_MOUNTED and it defaults to 'y'. We need to be fixing
> userspace - util-linux in this case - to avoid having writeable file handle
> open to block devices that are being mounted.

Note also that at least as far as ext4 is concerned, I don't recommend
that people use CONFIG_BLK_DEV_WRITE_MOUNTED on production systems.
This will break programs like tune2fs operating on mounted file
systems.  There is a plan to add super to allow various superblock
tuning operations to bet set via ioctls, much like the new ioctl's
which allow the label and uuid to be set via an ioctl.  This will
require users upgrade to newer kerrnels and newer versions of
e2fsprogs, so it will a while before we're at that point.

For now, the main use of CONFIG_BLK_DEV_WRITE_MOUNTED is to prevent
tools like syzbot from issuing false positives; I don't recommend that
it be used in other situations.

Cheers,

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ