lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4ECD2F19.6070601@control.lth.se>
Date:	Wed, 23 Nov 2011 18:36:25 +0100
From:	Anders Blomdell <anders.blomdell@...trol.lth.se>
To:	Alexander Viro <viro@...iv.linux.org.uk>,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: It would be preferable to do a mount --bind --make-private in one
 atomic action [ASCII art this time]

Sorry about previous posts used character set!

The rationale is the race problems I recently found with pam_namspace 
(see https://bugzilla.redhat.com/show_bug.cgi?id=755216). The following 
small script and it's output shows what pam_namespace essentially does 
does, and the problems that might occur; assume that /work is 
automounted, then the following really confuses things:

(
echo '# Empty work'
findmnt -a | cut -c1-30 | grep work
echo '# First primary mount on work'
ls -ld /work/Fedora-16/.
findmnt -a | cut -c1-30 | grep work
unshare --mount -- /bin/sh -c "(
     mount --bind /work /work ;
     mount --make-private /work ;
     mount --bind /tmp /work ;
     echo '# Detached mount of work' ;
     findmnt -a | cut -c1-30 | grep work ;
     sleep 5 ;
     echo '# Before detached unmount of private work' ;
     findmnt -a | cut -c1-30 | grep work;
     umount /work ;
     echo '# Before detached unmount of bound work' ;
     findmnt -a | cut -c1-30 | grep work;
     echo '# Weird detached automount behaviour' ;
     ls -ld /work/Fedora-15/. ;
     umount /work ;
     echo '# Detached unmount') &"
sleep 1
echo '# Second primary mount on work'
ls -ld /work/Fedora-15/.
findmnt -a | cut -c1-30 | grep work
echo '# First primary mount on work no longer accessible'
ls -ld /work/Fedora-16/.
sleep 10
echo '# And the final remaining cruft'
findmnt -a | cut -c1-30 | grep work
)

Which gives the following output (no wonder I had problems understanding 
what went wrong with my machines :-():

# Empty work
|-/work
# First primary mount on work
drwxr-xr-x 4 root root 4096 Nov 23 17:59 /work/Fedora-16/.
|-/work
| `-/work/Fedora-16
# Detached mount of work
|-/work
| |-/work/Fedora-16
| `-/work
|   `-/work
# Second primary mount on work
drwxr-xr-x 4 root root 4096 Nov 23 17:59 /work/Fedora-15/.
|-/work
| |-/work/Fedora-16
| |-/work
| | `-/work/Fedora-15
| `-/work/Fedora-15
# First primary mount on work no longer accessible
ls: cannot access /work/Fedora-16/.: Too many levels of symbolic links
# Before detached unmount of private work
|-/work
| |-/work/Fedora-16
| |-/work
| | `-/work
| `-/work/Fedora-15
# Before detached unmount of bound work
|-/work
| |-/work/Fedora-16
| |-/work
| `-/work/Fedora-15
# Weird detached automount behaviour
ls: cannot access /work/Fedora-15/.: Too many levels of symbolic links
# Detached unmount
# And the final remaining cruft
|-/work
| |-/work/Fedora-16
| |-/work
| | `-/work/Fedora-15
| `-/work/Fedora-15

-- 
Anders Blomdell                  Email: anders.blomdell@...trol.lth.se
Department of Automatic Control
Lund University                  Phone:    +46 46 222 4625
P.O. Box 118                     Fax:      +46 46 138118
SE-221 00 Lund, Sweden

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ