lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20071022180835.GI583@fieldses.org>
Date:	Mon, 22 Oct 2007 14:08:35 -0400
From:	"J. Bruce Fields" <bfields@...ldses.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, viro@....linux.org.uk
Subject: Re: [PATCH] dcache: don't expose uninitialized memory in
	/proc/<pid>/fd/<fd>

Sorry for the delayed response:

On Wed, Oct 17, 2007 at 03:32:01PM -0700, Andrew Morton wrote:
> On Tue, 16 Oct 2007 15:35:57 -0400
> "J. Bruce Fields" <bfields@...ldses.org> wrote:
> 
> > From: J. Bruce Fields <bfields@...i.umich.edu>
> > 
> > Well, it's not especially important that target->d_iname get the
> > contents of dentry->d_iname, but it's important that it get initialized
> > with *something*, otherwise we're just exposing some random piece of
> > memory to anyone who reads the link at /proc/<pid>/fd/<fd> for the
> > deleted file, when it's still held open by someone.
> > 
> 
> hm, that was tricky.
> 
> > ---
> >  fs/dcache.c |    2 ++
> >  1 files changed, 2 insertions(+), 0 deletions(-)
> > 
> > (Am I missing something?  I've also run a test program that copies a
> > short (<36 character) name ontop of a long (>=36 character) name and see
> > that the first time I run it, without this patch, I get unpredicatable
> > results out of /proc/<pid>/fd/<fd>.)
> > 
> > diff --git a/fs/dcache.c b/fs/dcache.c
> > index 5663a31..24252fc 100644
> > --- a/fs/dcache.c
> > +++ b/fs/dcache.c
> > @@ -1483,6 +1483,8 @@ static void switch_names(struct dentry *dentry, struct dentry *target)
> >  			 * dentry:internal, target:external.  Steal target's
> >  			 * storage and make target internal.
> >  			 */
> > +			memcpy(target->d_iname, dentry->d_name.name,
> > +					dentry->d_name.len + 1);
> >  			dentry->d_name.name = target->d_name.name;
> >  			target->d_name.name = target->d_iname;
> >  		}
> 
> Or we could just stick a \0 in there.

The memcpy() makes the behavior agree with the code comments, and with
what the kernel normally otherwise does.  But, yeah, just making it a
null string would probably be reasonable too.

> Or perhaps we should set it to "(deleted file)"?

Looks like __d_path already adds a (deleted) for us, so that'de be
redundant.

--b.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ