Message-Id: <200901140858.n0E8wE9v099032@www262.sakura.ne.jp>
Date: Wed, 14 Jan 2009 17:58:14 +0900
From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To: jmorris@...ei.org
Cc: akpm@...ux-foundation.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [TOMOYO #14 (mmotm 2008-12-30-16-05) 03/10] Introduce d_realpath().

James Morris wrote:
> > (3) /proc/PID/ is represented as /proc/self/ if PID equals current->tgid.
>
> This needs an ack from Al and/or Christoph.
>
It is a sad thing that I cannot use /proc/self/ (which is the only part where
a pathname based access control can prevent current process from accessing
other process's information), but I purged d_realpath() for now.
Next posting (#15) will embed AppArmor's d_namespace_path()-like function
into TOMOYO's code.

/* d_namespace_path() in OpenSUSE 11.1's 2.6.27.7-9.1 kernel. */
char *d_namespace_path(struct dentry *dentry, struct vfsmount *vfsmnt,
		       char *buf, int buflen)
{
	struct path root, tmp, ns_root = { };
	struct path path = { .mnt = vfsmnt, .dentry = dentry };
	char *res;

	read_lock(&current->fs->lock);
	root = current->fs->root;
	path_get(&current->fs->root);
	read_unlock(&current->fs->lock);
	spin_lock(&vfsmount_lock);
	if (root.mnt && root.mnt->mnt_ns)
		ns_root.mnt = mntget(root.mnt->mnt_ns->root);
	if (ns_root.mnt)
		ns_root.dentry = dget(ns_root.mnt->mnt_root);
	spin_unlock(&vfsmount_lock);
	tmp = ns_root;
	res = __d_path(&path, &tmp, buf, buflen,
		       D_PATH_FAIL_DELETED | D_PATH_DISCONNECT);
	path_put(&root);
	path_put(&ns_root);
	/* Prevent empty path for lazily unmounted filesystems. */
	if (!IS_ERR(res) && *res == '\0')
		*--res = '.';
	return res;
}

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
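
Added example, not part of the original message and not TOMOYO or AppArmor code: a userspace, string-level sketch of rule (3) quoted above, rewriting /proc/PID/ to /proc/self/ only when PID is the caller's own thread group id, so a pathname rule on /proc/self/ does not cover other processes. The function name proc_self_path() and the rejection of leading-zero components are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: copy path to out, replacing a leading "/proc/<pid>"
 * component with "/proc/self" when <pid> equals self_tgid.
 * Returns 0 on success, -1 if out is too small.
 */
int proc_self_path(const char *path, pid_t self_tgid, char *out, size_t outlen)
{
	static const char prefix[] = "/proc/";
	const char *p, *rest;
	unsigned long pid = 0;
	int n;

	if (strncmp(path, prefix, sizeof(prefix) - 1) != 0)
		goto copy;
	p = path + sizeof(prefix) - 1;
	/* Assumption: empty, non-numeric and leading-zero names are not pids. */
	if (!isdigit((unsigned char)*p) || *p == '0')
		goto copy;
	for (rest = p; isdigit((unsigned char)*rest); rest++) {
		pid = pid * 10 + (unsigned long)(*rest - '0');
		if (pid > 0x7fffffffUL)	/* cannot be a valid pid */
			goto copy;
	}
	/* Digits must form the whole component: "/proc/12x" is left alone. */
	if (*rest != '/' && *rest != '\0')
		goto copy;
	if ((pid_t)pid != self_tgid)
		goto copy;	/* another process keeps its numeric name */
	n = snprintf(out, outlen, "/proc/self%s", rest);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
copy:
	n = snprintf(out, outlen, "%s", path);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	char mine[64], buf[64];

	snprintf(mine, sizeof(mine), "/proc/%ld/maps", (long)getpid());
	if (proc_self_path(mine, getpid(), buf, sizeof(buf)) == 0)
		printf("%s -> %s\n", mine, buf);
	return 0;
}
```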