lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200708091923.56997.agruen@suse.de>
Date:	Thu, 9 Aug 2007 19:23:56 +0200
From:	Andreas Gruenbacher <agruen@...e.de>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	linux-kernel@...r.kernel.org, John Johansen <jjohansen@...e.de>,
	Jan Blunck <jblunck@...e.de>, Erez Zadok <ezk@...sunysb.edu>,
	Josef 'Jeff' Sipek <jsipek@...sunysb.edu>
Subject: Re: [RFC 04/10] Temporary struct vfs_lookup in file_permission

On Thursday 09 August 2007 01:24, Christoph Hellwig wrote:
> On Wed, Aug 08, 2007 at 11:41:06PM +0200, Andreas Gruenbacher wrote:
> > Lookup or not doesn't actually matter. Think of fchdir(2): it does a 
> > permission check, and it should also pass down the LOOKUP_CHDIR flag.
> 
> fchdir per defintion doesn't do any lookup, and it should not pretend to be
> doing one.

fchdir doesn't pretend to do a lookup by passing the LOOKUP_CHDIR flag, it 
indicates that a chdir is being done. The lookup happened earlier at a time 
at which the kernel didn't know that a chdir would follow. If fchdir doesn't 
pass down the LOOKUP_CHDIR flag, then that flag is pretty pointless: it could 
be bypassed any time by an open followed by fchdir.

> > The vfsmnt that this patch passes down in file_permission() is not some
> > crap as you chose to call it, it's the appropriate vfsmnt.
> 
> No, it's wrong.  There is no path except for informal purposes attached to
> a struct file.

I'm sorry, but the dentry and vfsmnt in struct file is *not* only used for 
informational purposes: openat does a lookup relative to a file's dentry and 
vfsmnt, and there are other examples as well.

The dentry and vfsmnt identify a particular object in the filesystem 
hierarchy. As long as the file hasn't been deleted, they can be used to 
compute a pathname that leads to the file (if the file is reachable at all). 
You can used that pathname for more than informational purposes. It is real, 
and canonical too.

> I created file_permission to document that clearly and people don't try
> things like this. There's lots of chances where fs passing has happened,

						  ^ you must mean fd passing

> were into a lazily detached tree, after a pviot_root, etc where trying to do
> anything that remotely looks like pathname based operation just doesn't make
> any sense in this case.

What you are saying doesn't make sense. It makes perfect sense to compute the 
pathname of an open file in some situations. Obviously it does not make sense 
when the file has been deleted, and you really do want to detect when a file 
has become unreachable (lazily unmounted, other namespace, whatever). You 
will always find that out when trying to compute its pathname, so that's not 
an issue. (Caveat: this requires the d_path fixes I have posted earlier.)

Thanks,
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ