| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20091109081131.7ebfde76@tlielax.poochiereds.net> Date: Mon, 9 Nov 2009 08:11:31 -0500 From: Jeff Layton <jlayton@...hat.com> To: ebiederm@...ssion.com (Eric W. Biederman) Cc: Jamie Lokier <jamie@...reable.org>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org, adobriyan@...il.com, viro@...IV.linux.org.uk Subject: Re: [PATCH] proc: revalidate dentry returned by proc_pid_follow_link On Sun, 08 Nov 2009 19:30:55 -0800 ebiederm@...ssion.com (Eric W. Biederman) wrote: > Jeff Layton <jlayton@...hat.com> writes: > > >> Hmm. Looking at the code I get the impression that a file bind mount > >> will have exactly the same problem. > >> > >> Can you confirm. > >> > >> If file bind mounts also have this problem a bugfix to to just > >> proc seems questionable. > >> > > > > I'm not sure I understand what you mean by "file bind mount". Is that > > something like mounting with "-o loop" ? > > # cd /tmp > # echo foo > foo > # echo bar > bar > # mount --bind foo bar > # cat bar > foo > # > > > I'm not at all opposed to fixing this in a more broad fashion, but as > > best I can tell, the only place that LAST_BIND is used is in procfs. > > proc does appear to be the only user of LAST_BIND. With a file bind > mount we can get to the same ok: label without a revalidate. The > difference is that we came from __follow_mount instead of follow_link. > > At least that is how I read the code. > Thanks. Yes, you're correct. That scenario does seem to have a similar problem. I'm not quite sure yet how to fix it there yet. It's easy enough to force a d_revalidate at a higher level. The tricky bit is what to do when that returns 0 or an error. When I spoke to Al about this, he suggested returning -ESTALE from the follow_link routine if that occurs. That would force LOOKUP_REVAL to get set and cause the whole chain of dentries to be revalidated back up to the root (if necessary). That's a little more difficult in the file bind mount case as I don't see where it calls link_path_walk at all and hence can't really deal with an ESTALE on a reval properly. I'll need to study this code some more to see what the right fix is. If you (or anyone) has a suggestion, I'd love to hear it. -- Jeff Layton <jlayton@...hat.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists