lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <E1N63Io-000353-KX@pomaz-ex.szeredi.hu>
Date:	Thu, 05 Nov 2009 15:27:06 +0100
From:	Miklos Szeredi <miklos@...redi.hu>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
CC:	miklos@...redi.hu, akpm@...ux-foundation.org,
	viro@...IV.linux.org.uk, dhowells@...hat.com, hch@...radead.org,
	adilger@....com, mtk.manpages@...il.com,
	torvalds@...ux-foundation.org, drepper@...il.com,
	jamie@...reable.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 resend] vfs: new O_NODE open flag

On Thu, 5 Nov 2009, Alan Cox wrote:
> >  - re-opening normally after checking file type (there's a debate
> >    whether this would have security issues, but currently we do allow
> >    re-opening with increased permissions thorugh /proc/*/fd)
> 
> Which has already been demonstrated to be an (unfixed) security hole.

No it hasn't :)  Jamie theorized that there *might* be a real world
situation where the application writer didn't anticipate this
behavior.  But as to actual demonstration, we have not seen one yet, I
think.

And as for reopening O_NODE files with increased permission: that's
feature people actually expressed interest in, so it's hardly a
security hole, is it?

> 
> > Filesystems which want to install special file operations for O_NODE
> > opens (e.g. ioctl) may set S_OPEN_NODE flag in the inode.  This will
> 
> Wrong way around. The defailt should be that O_NODE fails for any handle
> which has not specifically added support.

Why?  O_NODE can be nicely implemented without any filesystem support.

The only filesystems that need to do anything special is things like
AFS which for example want to implement special ioctls, which work on
the node itself.

> You also need to address the open with no permissions pinning a removable
> device question.

The whole point of O_NODE is that it doesn't do that, it only goes as
far as the mnt/dentry for the filesystem node and not further.  It
does not get to touch the device at all, so it can't pin it or have
any other side effect.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ