lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <1216256371.3070.66.camel@localhost.localdomain>
Date:	Wed, 16 Jul 2008 20:59:31 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Marc Dionne <marc.c.dionne@...il.com>
Cc:	LKML <linux-kernel@...r.kernel.org>, jmorris@...ei.org,
	sds@...ho.nsa.gov
Subject: Re: /proc/mounts unreadable - bisected

On Wed, 2008-07-16 at 20:53 -0400, Marc Dionne wrote:
> With current git, /proc/mounts is unreadable on my system, with any attempts to 
> read it returning EINVAL.  This breaks many init scripts, among other things.
> 
> I bisected it down to this commit:
> 
> commit 2069f457848f846cb31149c9aa29b330a6b66d1b
> Author: Eric Paris <eparis@...hat.com>
> Date:   Fri Jul 4 09:47:13 2008 +1000
> 
>      LSM/SELinux: show LSM mount options in /proc/mounts
> 
>      This patch causes SELinux mount options to show up in /proc/mounts.  As
>      with other code in the area seq_put errors are ignored.  Other LSM's
>      will not have their mount options displayed until they fill in their own
>      security_sb_show_options() function.
> 
> In my case, selinux_get_mnt_opts() never gets very far because 
> sbsec->initialized never becomes true, and the function systematically returns 
> EINVAL which is then passed back up to the reader of /proc/mounts.
> 
> Changing show_sb_opts() to always return 0 (it was a void function before this 
> commit) makes the system behave normally.
> 
> Now it's possible that my selinux config is hosed - I have it enabled in 
> permissive mode but I don't pay much attention to it - but the failure mode in 
> that case should probably be more graceful.  Seems like it would be better to 
> print out the available mount info minus the LSM options than to bail out 
> completely?

Yes, your SELinux config is hosed.  But I'll agree that we should just
pass over the LSM options in that case (since clearly there aren't any)
and not fail the read altogether.  Patch will be forthcoming.

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ