lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <E1Njeua-0000Fd-2b@pomaz-ex.szeredi.hu>
Date:	Mon, 22 Feb 2010 21:29:48 +0100
From:	Miklos Szeredi <miklos@...redi.hu>
To:	Al Viro <viro@...IV.linux.org.uk>
CC:	hch@...radead.org, miklos@...redi.hu,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	eugene@...hat.com, mtk.manpages@...il.com, 7eggert@....de
Subject: Re: [PATCH v2] vfs: add NOFOLLOW flag to umount(2)

On Sun, 21 Feb 2010, Al Viro wrote:
> On Thu, Feb 11, 2010 at 12:21:00PM -0500, Christoph Hellwig wrote:
> > On Wed, Feb 10, 2010 at 12:15:53PM +0100, Miklos Szeredi wrote:
> > >  - renamed flag to UMOUNT_NOFOLLOW
> > >  - added UMOUNT_UNUSED for feature detection
> > 
> > Umm, why?  MNT_ certainly isn't the best naming for unmount flags,
> > but switching convention after we had a few doesn't make any sense.
> 
> Actually, I've got more interesting question: what's being attempted
> there?  Is that just a "let's protect ourselves against somebody feeding
> us an untrusted symlink"?  I'm not sure if it makes much sense; if we
> are dealing with pathnames on untrusted fs, there's nothing to stop the
> attacker from having /mnt/foo/dir (originally containing a mountpoint
> at /mnt/foo/dir/usr) killed and replaced with a symlink to /, making any
> code that does umount() on such pathnames vulnerable as hell anyway.

It is trivial to check the path up to the mountpoint (chdir + getcwd).
But doing that on the mountpoint will make it busy, so NOFOLLOW is
really needed there.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ