lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080321155451.GU10722@ZenIV.linux.org.uk>
Date:	Fri, 21 Mar 2008 15:54:51 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Miklos Szeredi <miklos@...redi.hu>
Cc:	haveblue@...ibm.com, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, neilb@...e.de,
	akpm@...ux-foundation.org, hch@...radead.org
Subject: Re: r-o bind in nfsd

On Fri, Mar 21, 2008 at 03:59:44PM +0100, Miklos Szeredi wrote:
> Why is it that in fs/nfsd/vfs.c only vfs_mknod() and vfs_rename() are
> surrounded by mnt_want_write/mnt_drop_write, and not the other
> operations (vfs_create, vfs_mkdir, vfs_symlink, ...)?
> 
> I noticed this while looking at the AppArmor patches, which need to
> pass the vfsmount down to the security module.  And I'm wondering, why
> can't mnt_want_write() and mnt_drop_write() be done _inside_ vfs_foo()?
> 
> I know there are a few cases, where filesystems call vfs_foo()
> internally, where the vfsmount isn't available, but I think the proper
> solution is just to fix those places, and not recurse back into the
> VFS (which is AFAICS in all those cases totally unnecessary anyway).
> This would make everybody happy, no?

Apparmor can go play with itself.  The proper fix is to lift the LSM nonsense
into callers and leave vfs_...() alone; vfsmounts should *not* be passed
there at all, with the exception of vfs_follow_link() which gets the full
nameidata.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ