lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080501195152.GM12850@outflux.net>
Date:	Thu, 1 May 2008 12:51:52 -0700
From:	Kees Cook <kees@...onical.com>
To:	John Johansen <jjohansen@...e.de>
Cc:	Chris Mason <chris.mason@...cle.com>, jeffschroeder@...puter.org,
	linux-fsdevel@...r.kernel.org, kernel-team@...ts.ubuntu.com,
	linux-kernel@...r.kernel.org, linux-btrfs@...r.kernel.org,
	Tim Gardner <tim.gardner@...onical.com>
Subject: Re: Btrfs v0.14 Released

Hi,

On Thu, May 01, 2008 at 01:36:25PM -0600, Tim Gardner wrote:
> Chris Mason wrote:
> > On Thursday 01 May 2008, Tim Gardner wrote:
> > 
> > [ btrfs oops on ubuntu ]
> > 
> >>>>  This is because ubuntu kernels ship with apparmor, you'll need this
> >>>> patch:
> >>>>
> >>>>  If there is a #ifdef IM_A_UBUNTU_KERNEL I can use, I'll do it.  Jeff
> >>>> Mahoney has a similar patch for SUSE that I've been meaning to merge,
> >>>> but I wanted to lookup some way to check for ubuntu as well.
> >>>>
> >>>>  -chris
> >>>>
> >>>>  diff -r e7da2489b19b file.c
> >>>>  --- a/file.c    Wed Apr 30 13:59:35 2008 -0400
> >>>>  +++ b/file.c    Thu May 01 12:25:11 2008 -0400
> >>>>  @@ -852,7 +852,7 @@ static ssize_t btrfs_file_write(struct f
> >>>>                 goto out_nolock;
> >>>>         if (count == 0)
> >>>>                 goto out_nolock;
> >>>>  -       err = remove_suid(fdentry(file));
> >>>>  +       err = remove_suid(&file->f_path);
> >>>>         if (err)
> >>>>                 goto out_nolock;
> >>>>         file_update_time(file);
> >> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to
> >> work for Hardy. However the next development kernel (Intrepid) does not
> >> have the APPARMOR patches, so just knowing that its an UBUNTU kernel is
> >> not specific enough.
> > 
> > I've been assuming the apparmor patches change remove_suid even when they are 
> > not enabled in the config.
> > 
> > -chris
> > 
> 
> Lets get Kees involved. He developed the patch set for Hardy. I would
> hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to
> its normal state.

I can't claim to have developed the patches, only helping coordinate
their merging into Ubuntu.  John Johansen is the real person we should
check with -- he did all the heavy lifting -- now added to discussion.
(Hi John!)

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ