lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070206095231.GD5328@infradead.org>
Date:	Tue, 6 Feb 2007 09:52:31 +0000
From:	Christoph Hellwig <hch@...radead.org>
To:	Andreas Gruenbacher <agruen@...e.de>
Cc:	Christoph Hellwig <hch@...radead.org>, Tony Jones <tonyj@...e.de>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	chrisw@...s-sol.org, linux-security-module@...r.kernel.org,
	viro@...iv.linux.org.uk
Subject: Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks

On Mon, Feb 05, 2007 at 06:13:26PM -0800, Andreas Gruenbacher wrote:
> On Monday 05 February 2007 10:44, Christoph Hellwig wrote:
> > Looking at the actual patches I see you're lazy in a lot of places.
> > Please make sure that when you introduce a vfsmount argument somewhere
> > that it is _always_ passed and not just when it's conveniant.  Yes, that's
> > more work, but then again if you're not consistant anyone half-serious
> > will laught at a security model using this infrasturcture.
> 
> It may appear like laziness, but it's not. Let's look at where we're passing 
> NULL at the moment:

You know, I've tracked a lot of this down previously when I submitted patches
to add vfsmount arguments to the vfs_ helpers, just to get tought by Al
that this is a bad idea :)

> fs/hpfs/namei.c
> 
> 	In hpfs_unlink, hpfs truncates one of its own inodes through
> 	notify_change(). You definitely don't want any lsms to interfere here,
> 	pathname based or not; hpfs should probably truncate its inode itself
> 	instead. But given that hpfs goes via the vfs, we at least pass NULL
> 	to indicate that this file really has no meaningful paths to it
> 	anymore. (In addition, we don't really have a vfsmount at this
> 	point anymore, and neither would it make sense to pass it there.)
> 
> 	To play more nicely with other lsms, hpfs could mark the inode as
> 	private before attempting the truncate.

The right fix would be to not go through the vfs.  Or even better to
remove the utter hack.  See my previous patch on this subject and the
discussion started on it.

> fs/reiserfs/xattr.c
> 
> 	The directories an files that reiserfs uses internally to store xattrs
> 	are hanging off ".reiserfs_priv/xattrs" in the filesystem. This part
> 	of the namespace is not accessible or visible from user space though
> 	except through the xattr syscalls.
> 
> 	Reiserfs should probably just mark all its xattr inodes as private in order
> 	to play nicely with other lsms. As far as pathname based lsms are concerned,
> 	pathnames to those fs-internal objects are meaningless though, and so we
> 	pass NULL here.

Well, the 100% correct fix would be to rip out the braindead reiserfs
xattr code :)
Of course that's not an option, but reiserfs would be much better of
stop using vfs_rmdir.  It really doesn't need most of the checks in there
and should just call into reiserfs_rmdir instead of doing this useless
trip into vfs land.

> fs/sysfs/file.c

> fs/nfsd/vfs.c and fs/nfsd/nfs4recover.c
> 
> 	For nfsd, the concept of pathnames is a bit peculiar. I'll try to respond to
> 	that separately.

the actually nfsd filehandle code is conceptually trivially fixable,
although with quite a bit of code churn.  As mention I'll soon submit
a patch for it.  nfs4recover.c is broken beyond repair and should just
be deleted from the tree.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ