lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20100714065337.GY6104@outflux.net>
Date:	Tue, 13 Jul 2010 23:53:37 -0700
From:	Kees Cook <kees.cook@...onical.com>
To:	"Serge E. Hallyn" <serge@...lyn.com>
Cc:	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Yama: verify inode is symlink to avoid bind mounts

On Tue, Jul 13, 2010 at 09:30:48PM -0500, Serge E. Hallyn wrote:
> Quoting Kees Cook (kees.cook@...onical.com):
> > The inode_follow_link LSM hook is called in bind mount situations as
> > well as for symlink situations, so we must explicitly check for the
> > inode being a symlink to not reject bind mounts in 1777 directories,
> 
> Are you sure about that??
> 
> If that's true, you might also expand the comment in
> include/linux/security.h.
> 
> > which seems to be a common NFSv4 configuration.

Well, the issue is how the NFSv4 client deals with it. It seems to treat
the mounts from the NFSv4 root as a symlink when the server is using bind
mounts.  It's kind of weird:
https://launchpad.net/bugs/604407

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ