lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 3 Jul 2008 14:58:56 -0700
From:	Joel Becker <Joel.Becker@...cle.com>
To:	Louis Rilling <louis.rilling@...labs.com>
Cc:	linux-kernel@...r.kernel.org, ocfs2-devel@....oracle.com
Subject: Re: [Ocfs2-devel] [BUGFIX][PATCH 1/2] configfs: Prevent userspace
	from creating new entries under attaching directories

On Thu, Jun 26, 2008 at 08:05:48PM +0200, Louis Rilling wrote:
> This commit fixes 1/, tagging new directories with CONFIGFS_USET_CREATING before
> building the inode and instantiating the dentry, and validating the whole
> group+default groups hierarchy in a second pass by clearing
> CONFIGFS_USET_CREATING.

	Man, I'm wary of all these in-flight flags.  I hope they are all
orthogonal :-)

> 	mkdir(), symlink(), lookup(), and dir_open() simply return -ENOENT if
> called in (or linking to) a directory tagged with CONFIGFS_USET_CREATING. This

	Why not block until the create is done?

> +	/*
> +	 * Fake invisibility if dir belongs to a group/default groups hierarchy
> +	 * being attached
> +	 *
> +	 * This forbids userspace to read/write attributes of items which may
> +	 * not complete their initialization, since the dentries of the
> +	 * attributes won't be instantiated.
> +	 */
int configfs_dirent_is_ready(struct configfs_dirent *sd)
{
	int err = 0;
> +	spin_lock(&configfs_dirent_lock);
> +	if (parent_sd->s_type & CONFIGFS_USET_CREATING)
> +		err = -ENOENT;
> +	spin_unlock(&configfs_dirent_lock);
	return err;
}

	Then use is_ready() in the five places you check it ;-)  Perhaps
change configfs_validate_dir() to configfs_dir_set_ready().  I do like
the way validate_dir() is coded.

Joel

-- 

"There are only two ways to live your life. One is as though nothing
 is a miracle. The other is as though everything is a miracle."
        - Albert Einstein

Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker@...cle.com
Phone: (650) 506-8127
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists