lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100219110320.GL30031@ZenIV.linux.org.uk>
Date:	Fri, 19 Feb 2010 11:03:21 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	john.johansen@...onical.com
Cc:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH 01/12] Miscellaneous functions and defines needed by
 AppArmor, including the base path resolution routines.

On Fri, Feb 19, 2010 at 01:36:17AM -0800, john.johansen@...onical.com wrote:

> +static int d_namespace_path(struct path *path, char *buf, int buflen,
> +			    char **name, int flags)
> +{
> +	struct path root, tmp, ns_root = { };
> +	char *res;
> +	int deleted, connected;
> +	int error = 0;
> +
> +	read_lock(&current->fs->lock);
> +	root = current->fs->root;
> +	/* released below */
> +	path_get(&root);
> +	read_unlock(&current->fs->lock);
> +
> +	spin_lock(&vfsmount_lock);
> +	if (root.mnt && root.mnt->mnt_ns)
> +		/* released below */
> +		ns_root.mnt = mntget(root.mnt->mnt_ns->root);
> +	if (ns_root.mnt)
> +		/* released below */
> +		ns_root.dentry = dget(ns_root.mnt->mnt_root);
> +	spin_unlock(&vfsmount_lock);

Junk.  You might as well leave ns_root {NULL, NULL} instead of that crap.

> +	spin_lock(&dcache_lock);
> +	/* There is a race window between path lookup here and the
> +	 * need to strip the " (deleted) string that __d_path applies
> +	 * Detect the race and relookup the path
> +	 *
> +	 * The stripping of (deleted) is a hack that could be removed
> +	 * with an updated __d_path

Yes, it could.  Where's the patch doing just that?  Or discussion of
desired interface, at lease...

> +	if (flags & PATH_CHROOT_REL)
> +		connected = tmp.dentry == root.dentry && tmp.mnt == root.mnt;
> +	else
> +		connected = tmp.dentry == ns_root.dentry &&
> +			tmp.mnt == ns_root.mnt;
> +
> +	if (!connected && 
> +	    !(flags & PATH_CONNECT_PATH) &&
> +	    !((flags & PATH_CHROOT_REL) && (flags & PATH_CHROOT_NSCONNECT) &&
> +	      (tmp.dentry == ns_root.dentry && tmp.mnt == ns_root.mnt))) {
> +		/* disconnected path, don't return pathname starting with '/' */
> +		error = -ESTALE;
> +		if (*res == '/')
> +			*name = res + 1;

Explanations, please.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ