lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 1 Nov 2010 17:09:58 +0000
From:	Tvrtko Ursulin <tvrtko.ursulin@...hos.com>
To:	Eric Paris <eparis@...hat.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
	"agruen@...e.de" <agruen@...e.de>
Subject: Re: [PATCH 10/20] fanotify: allow userspace to override max queue depth

On Thursday 28 Oct 2010 22:32:32 Eric Paris wrote:
> fanotify has a defualt max queue depth.  This patch allows processes which
> explicitly request it to have an 'unlimited' queue depth.  These processes
> need to be very careful to make sure they cannot fall far enough behind
> that they OOM the box.  Thus this flag is gated on CAP_SYS_ADMIN.
>
> Signed-off-by: Eric Paris <eparis@...hat.com>
> ---
>
>  fs/notify/fanotify/fanotify_user.c |    9 ++++++++-
>  include/linux/fanotify.h           |    5 +++--
>  2 files changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/fs/notify/fanotify/fanotify_user.c
> b/fs/notify/fanotify/fanotify_user.c index 04f2fe4..43d66d9 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -691,7 +691,14 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags,
> unsigned int, event_f_flags) goto out_put_group;
>       }
>
> -     group->max_events = FANOTIFY_DEFAULT_MAX_EVENTS;
> +     if (flags & FAN_UNLIMITED_QUEUE) {
> +             fd = -EPERM;
> +             if (!capable(CAP_SYS_ADMIN))
> +                     goto out_put_group;

Either this capable call is not needed or the one at the top of the syscall
needs to go if you intended to allow non-privileged access.

Tvrtko

Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ