lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2818.1252160549@turing-police.cc.vt.edu>
Date:	Sat, 05 Sep 2009 10:22:29 -0400
From:	Valdis.Kletnieks@...edu
To:	Miklos Szeredi <mszeredi@...e.cz>,
	Andrew Morton <akpm@...ux-foundation.org>,
	John Johansen <jjohansen@...e.de>
Cc:	Matthew Wilcox <matthew@....cx>,
	Andreas Gruenbacher <agruen@...e.de>,
	Al Viro <viro@...iv.linux.org.uk>,
	Christoph Hellwig <hch@....de>, linux-kernel@...r.kernel.org
Subject: vfs-fix-d_path-for-unreachable-paths.patch

This patch apparently does something resembling what it's supposed to - the
first few lines of /proc/mounts now looks like:

% head -5 /proc/mounts
rootfs (unreachable)/ rootfs rw 0 0
/dev/root / ext3 rw,seclabel,noatime,nodiratime,user_xattr,acl,data=writeback,us
rquota,grpquota 0 0
/dev /dev tmpfs rw,seclabel,relatime,mode=755 0 0
/proc /proc proc rw,relatime 0 0
/sys /sys sysfs rw,relatime 0 0

The now-unreachable rootfs is the letftover initrd rootfs.

The patch commentary notes:

> This patch addresses all these issues, by prefixing such unreachable paths
> with "(unreachable)".  This isn't perfect since the returned path may
> still be a valid _relative_ path, and applications may not check the
> result of getcwd() for starting with a '/' before using it.

It turns out that some things don't check the contents of /proc/mounts for
starting with a / before using it either:

# /sbin/restorecon -v /etc/passwd
Full path required for exclude: (unreachable)/.

And strace shows it's a read of /proc/mounts, not a getcwd() call:

....
open("/proc/self/task/11479/attr/current", O_RDONLY) = 3
read(3, "staff_u:sysadm_r:setfiles_t:s0\0"..., 4095) = 31
close(3)                                = 0
uname({sys="Linux", node="turing-police.cc.vt.edu", ...}) = 0
open("/proc/mounts", O_RDONLY)          = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe
9ce36a000
read(3, "rootfs (unreachable)/ rootfs rw 0"..., 1024) = 1024
write(2, "Full path required for exclude: ("..., 48) = 48

The added "(unreachable) text also gives /etc/rc0.d/S01halt indigestion,
because it thinks it can do stuff like:

awk '$2 !~ /\/(|dev|proc|selinux|sys)$/ && $1 !~ /^\/dev\/ram/ { print $2 }' \
    /proc/mounts | sort -r | \
  while read line; do
    $UMOUNT -f $line
done

Somebody is buggy here, but I'm not sure who. The initrd for leaving a dangling
reference, the patch for breaking /proc/mounts, or /sbin/restorecon and the
shutdown script for being far too trusting of what the kernel tells it?


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ