lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070811025739.GA21244@infradead.org>
Date:	Sat, 11 Aug 2007 03:57:39 +0100
From:	Christoph Hellwig <hch@...radead.org>
To:	Jeff Layton <jlayton@...hat.com>
Cc:	Trond Myklebust <trond.myklebust@....uio.no>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	v9fs-developer@...ts.sourceforge.net, zippel@...ux-m68k.org,
	dhowells@...hat.com, linux-cifs-client@...ts.samba.org,
	codalist@...EMANN.coda.cs.cmu.edu, joel.becker@...cle.com,
	linux-ext4@...r.kernel.org, fuse-devel@...ts.sourceforge.net,
	cluster-devel@...hat.com,
	user-mode-linux-user@...ts.sourceforge.net,
	mikulas@...ax.karlin.mff.cuni.cz, wli@...omorphy.com,
	jffs-dev@...s.com, jfs-discussion@...ts.sourceforge.net,
	ocfs2-devel@....oracle.com, reiserfs-devel@...r.kernel.org,
	bfennema@...con.csc.calpoly.edu, xfs@....sgi.com
Subject: Re: [PATCH 00/25] move handling of setuid/gid bits from VFS into individual setattr functions (RESEND)

On Fri, Aug 10, 2007 at 04:47:52PM -0400, Jeff Layton wrote:
> attr->ia_valid after the setattr operation returns. If either ATTR_KILL_*
> bit is set then BUG(). The helper function already clears those bits
> so anything using it should automatically be ok. We'd have to fix
> up NFS and a few others that don't implement suid/sgid.
> 
> This is not as certain as changing the name of the inode operation. It
> would only pop when someone is attempting to change a setuid/setgid
> file on these filesystems. Still, it should conceivably catch most if
> not all offenders. Would that be sufficient to take care of everyone's
> concerns?

I like the idea of checking ia_valid after return a lot.  But instead of
going BUG() it should just do the default action, that we can avoid
touching all the filesystem and only need to change those that need
special care.  I also have plans to add some new AT_ flags for implementing
some filesystem ioctl in generic code that would benefit greatly from
the ia_valid checkin after return to return ENOTTY fr filesystems not
implementing those ioctls.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ