| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 01 May 2008 16:10:19 -0400 From: Jeff Mahoney <jeffm@...e.com> To: Tim Gardner <tim.gardner@...onical.com> Cc: Chris Mason <chris.mason@...cle.com>, jeffschroeder@...puter.org, linux-fsdevel@...r.kernel.org, kernel-team@...ts.ubuntu.com, linux-kernel@...r.kernel.org, linux-btrfs@...r.kernel.org, John Johansen <jjohansen@...e.de> Subject: Re: Btrfs v0.14 Released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Gardner wrote: > Chris Mason wrote: >> On Thursday 01 May 2008, Tim Gardner wrote: >> >> [ btrfs oops on ubuntu ] >> >>>>> This is because ubuntu kernels ship with apparmor, you'll need this >>>>> patch: >>>>> >>>>> If there is a #ifdef IM_A_UBUNTU_KERNEL I can use, I'll do it. Jeff >>>>> Mahoney has a similar patch for SUSE that I've been meaning to merge, >>>>> but I wanted to lookup some way to check for ubuntu as well. >>>>> >>>>> -chris >>>>> >>>>> diff -r e7da2489b19b file.c >>>>> --- a/file.c Wed Apr 30 13:59:35 2008 -0400 >>>>> +++ b/file.c Thu May 01 12:25:11 2008 -0400 >>>>> @@ -852,7 +852,7 @@ static ssize_t btrfs_file_write(struct f >>>>> goto out_nolock; >>>>> if (count == 0) >>>>> goto out_nolock; >>>>> - err = remove_suid(fdentry(file)); >>>>> + err = remove_suid(&file->f_path); >>>>> if (err) >>>>> goto out_nolock; >>>>> file_update_time(file); >>> Couldn't you #ifdef based on CONFIG_SECURITY_APPARMOR ? This ought to >>> work for Hardy. However the next development kernel (Intrepid) does not >>> have the APPARMOR patches, so just knowing that its an UBUNTU kernel is >>> not specific enough. >> I've been assuming the apparmor patches change remove_suid even when they are >> not enabled in the config. >> >> -chris >> > > Lets get Kees involved. He developed the patch set for Hardy. I would > hope that if CONFIG_SECURITY_APPARMOR=n then the source would default to > its normal state. remove_suid() isn't the only change AppArmor makes to the VFS interface. It's pretty invasive and requires that dentries are passed with a companion vfsmount in most cases. Putting #ifdefs around all that code would make the problem worse, not better. - -Jeff - -- Jeff Mahoney SUSE Labs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFIGiOrLPWxlyuTD7IRAh3jAKCFCrBa30G5WDwmJHI+Yb4fNAfu2QCfTUmq Q6Sf0MVug2X0ywRcSrGi4eY= =QwF9 -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists