lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080415213402.GA6446@sergelap.austin.ibm.com>
Date:	Tue, 15 Apr 2008 16:34:02 -0500
From:	"Serge E. Hallyn" <serue@...ibm.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Michael Halcrow <mhalcrow@...ibm.com>,
	linux-fsdevel@...r.kernel.org, containers@...ts.osdl.org,
	linux-kernel@...r.kernel.org, ecryptfs-devel@...ts.sourceforge.net
Subject: Re: [PATCH 1/2] eCryptfs: Introduce device handle for userspace
	daemon communications

Quoting Andrew Morton (akpm@...ux-foundation.org):
> On Tue, 15 Apr 2008 15:23:13 -0500
> Michael Halcrow <mhalcrow@...ibm.com> wrote:
> 
> > Functions to facilitate reading and writing to the eCryptfs
> > miscellaneous device handle. This will replace the netlink interface
> > as the preferred mechanism for communicating with the userspace
> > eCryptfs daemon.
> > 
> > Each user has his own daemon, which registers itself by opening the
> > eCryptfs device handle. Only one daemon per euid may be registered at
> > any given time. The eCryptfs module sends a message to a daemon by
> > adding its message to the daemon's outgoing message queue. The daemon
> > reads the device handle to get the oldest message off the queue.
> > 
> > Incoming messages from the userspace daemon are immediately
> > handled. If the message is a response, then the corresponding process
> > that is blocked waiting for the response is awakened.
> > 
> 
> This is a drastic change, but the changelog doesn't tell us why it is being
> made!
> 
> > ...
> > +	rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
> > +	if (daemon->pid != current->pid) {
> > +	rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
> > +	BUG_ON(current->euid != daemon->euid);
> > +	BUG_ON(current->pid != daemon->pid);
> 
> This code uses pids and uids all over the place.  Will it operate correctly
> in a containerised environment?

Thanks Andrew.

Mike, the pid_t definately needs to be replaced with a struct pid.

As for the euid, it'd be best if you also compared the user_namespace *
to make sure we support one ecryptfs deamon per user namespace.

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ