lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4B05C817.9020705@canonical.com>
Date:	Thu, 19 Nov 2009 14:35:03 -0800
From:	John Johansen <john.johansen@...onical.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
CC:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH 00/23] Removal of binary sysctl support

Eric W. Biederman wrote:
> Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:
> 
>> Hello.
>>
>> Eric W. Biederman wrote:
>>>> Indeed. TOMOYO and AppArmor need a hint for prepending "/proc" prefix.
>>>> A simple implementation which adds one bit to task_struct is shown below.
>>>> In this way, not only the file permission checks inside dentry_open()
>>>> but also the directory permission checks inside vfs_path_lookup() can be
>>>> prepended "/proc" prefix. AppArmor might want to prepend "/proc" inside
>>>> vfs_path_lookup().
>>> There don't appear to be any security hooks in vfs_path_lookup().
>>>
>> OK. Then, AppArmor won't be confused.
>>
>>> Instead of current->in_sysctl we can just look at the path and see if
>>> it is the root of the mount chain and if the fs is proc.
>>>
>>> Something like:
>>>
>>> diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
>>> index 5f2e332..0b55faa 100644
>>> --- a/security/tomoyo/realpath.c
>>> +++ b/security/tomoyo/realpath.c
>>> @@ -108,6 +108,15 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
>>>  		spin_unlock(&dcache_lock);
>>>  		path_put(&root);
>>>  		path_put(&ns_root);
>>> +		/* Prepend "/proc" prefix if using internal proc vfs mount. */
>>> +		if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) &&
>>> +		    (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) {
>>> +			sp -= 5;
>>> +			if (sp >= newname)
>>> +				memcpy(sp, "/proc", 5);
>>> +			else
>>> +				sp = ERR_PTR(-ENOMEM);
>>> +		}
>>>  	}
>>>  	if (IS_ERR(sp))
>>>  		error = PTR_ERR(sp);
>> Above patch works. Please proceed. Thank you.
>>
>> Acked-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>>
>> Why not to use path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC rather than
>> strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0 ?
> 
> Brain short circuit.
> 
The patch look good to me too.

Acked-by: John Johansen <john.johansen@...onical.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ