lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 05 Sep 2006 00:53:59 -0400
From:	Trond Myklebust <trond.myklebust@....uio.no>
To:	Ian Kent <raven@...maw.net>
Cc:	David Howells <dhowells@...hat.com>, Andrew Morton <akpm@...l.org>,
	torvalds@...l.org, steved@...hat.com,
	linux-fsdevel@...r.kernel.org, linux-cachefs@...hat.com,
	nfsv4@...ux-nfs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/7] Permit filesystem local caching and NFS superblock
	sharing [try #13]

On Tue, 2006-09-05 at 12:03 +0800, Ian Kent wrote:
> Sure but this is an old version of autofs which is in use so changing
> the expected behavior of a system call is not acceptable and I expect
> other applications may well have a problem with this also.

Applications that rely on mkdir() to never return EACCES are broken.
Particularly so in an selinux system (as was the case here).

Note that an ordinary application will not see this: if I do

Machine 1				Machine 2
---------				---------
mkdir foo
					mkdir foo/bar
					chmod 555 foo/bar foo
mkdir foo/bar
mkdir: cannot create directory 
`foo/bar': File exists

i.e. as expected. So this really only affects applications that are not
supposed to be calling mkdir() in the first place.

> > > It is coping with the EACCESS return by not mounting the filesystem
> > > which is the correct response in this case.
> > 
> > No it isn't. The directory exists. It can be looked up. There is no
> > reason why you can't mount something on top of it.
> > 
> > Being permitted to do mkdir() or not has nothing to do with anything.
> 
> Agreed.
> 
> The fact that it's a mkdir is irrelevant given that nfs_lookup is
> returning an EACCESS instead of EEXIST this will likely affect other
> system calls such as "stat". I'll check this.

In both cases, the call to vfs_mkdir() is returning the EACCES. Not
nfs_lookup. The reason why we are no longer returning EEXIST is because
the intents have changed due to the patch

http://kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a634904a7de0d3a0bc606f608007a34e8c05bfee;hp=ddeff520f02b92128132c282c350fa72afffb84a

I suspect that reverting that patch would 'fix' the autofs bug.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ