Message-Id: <1323034020-28780-1-git-send-email-john.johansen@canonical.com>
Date:	Sun,  4 Dec 2011 13:27:00 -0800
From:	John Johansen <john.johansen@...onical.com>
To:	linux-kernel@...r.kernel.org
Cc:	linux-security-module@...r.kernel.org, viro@...IV.linux.org.uk
Subject: [PATCH] Remove use of mnt_ns->root and fix a couple of bugs in d_namespace_path

Remove the unnecessary use of mnt_ns->root from path lookups, and replace
it with passing struct path { NULL, NULL } to __d_path.  As part of this
remove the disconnect case CHROOT_NSCONNECT which is unused.

Fix the sysctl check to use path.dentry, instead of the unsafe tmp.dentry

Adjust the return code for disconnected from -ESTALE to -EACCES as AppArmor
is denying access.

Signed-off-by: John Johansen <john.johansen@...onical.com>
---
 security/apparmor/file.c |    2 +-
 security/apparmor/path.c |   57 +++++++++++++++++++--------------------------
 2 files changed, 25 insertions(+), 34 deletions(-)

diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 7312db7..8d7806e 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -289,7 +289,7 @@ int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
 			perms.allow = request;
 		} else if (error == -ENOENT)
 			info = "Failed name lookup - deleted entry";
-		else if (error == -ESTALE)
+		else if (error == -EACCES)
 			info = "Failed name lookup - disconnected path";
 		else if (error == -ENAMETOOLONG)
 			info = "Failed name lookup - name too long";
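Review bot: Keying the "disconnected path" audit text on `-EACCES` makes the log entry ambiguous, because -EACCES is the generic denial code while the removed -ESTALE was distinctive. Any other -EACCES coming out of the name lookup would now be recorded with this message; whether such a source exists is not visible here, since the if/else chain starts and ends outside the hunk. A short comment on the new branch would record the assumption, for example `/* name lookup returns -EACCES only for disconnected paths */`.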
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 36cc0cc..670d40d 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -57,22 +57,17 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
 static int d_namespace_path(struct path *path, char *buf, int buflen,
 			    char **name, int flags)
 {
-	struct path root, tmp;
+	struct path root, tmp = { };
 	char *res;
-	int connected, error = 0;
+	int error = 0;
+
+	get_fs_root(current->fs, &root);
 
 	/* Get the root we want to resolve too, released below */
-	if (flags & PATH_CHROOT_REL) {
+	if (flags & PATH_CHROOT_REL)
 		/* resolve paths relative to chroot */
-		get_fs_root(current->fs, &root);
-	} else {
-		/* resolve paths relative to namespace */
-		root.mnt = current->nsproxy->mnt_ns->root;
-		root.dentry = root.mnt->mnt_root;
-		path_get(&root);
-	}
+		tmp = root;
 
-	tmp = root;
 	res = __d_path(path, &tmp, buf, buflen);
 
 	*name = res;
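Review bot: `root` is now always the task's fs root from `get_fs_root()`, even when PATH_CHROOT_REL is clear, yet the last hunk still compares `tmp` against it to decide connectedness. For namespace-relative lookups by a chrooted task, the reference point is therefore the chroot rather than the namespace root that the removed `else` arm used. If that is intended it deserves a comment, for example `/* root is only the reference for the connected check; tmp stays { NULL, NULL } for namespace-relative lookups */`. The existing comment "Get the root we want to resolve too, released below" now follows the `get_fs_root()` call it describes and would read better above it. The function body continues past this hunk.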
@@ -97,10 +92,17 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
 			goto out;
 	}
 
-	/* Determine if the path is connected to the expected root */
-	connected = tmp.dentry == root.dentry && tmp.mnt == root.mnt;
+	/* is the path a sysctl? */
+	if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
+	    strncmp(*name, "/sys/", 5) == 0) {
+		/* TODO: convert over to using a per namespace
+		 * control instead of hard coded /proc
+		 */
+		error = prepend(name, *name - buf, "/proc", 5);
+	}
 
-	/* If the path is not connected,
+	/* Determine if the path is connected to the expected root
+	 * If the path is not connected,
 	 * check if it is a sysctl and handle specially else remove any
 	 * leading / that __d_path may have returned.
 	 * Unless
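Review bot: The result of `prepend()` in the new sysctl block is stored in `error` but never checked, and control then falls through to the connectedness test in the next hunk. There `error` can be overwritten with -EACCES and `*name` reset to `res + 1`, where `res` still points at the string as it was before "/proc" was prepended. In the removed code the sysctl case and the disconnected case were two arms of one `if`/`else if`, so both could not run for the same path. Keeping them exclusive would preserve that, for instance by bailing out on a prepend failure with `if (error) goto out;` and skipping the disconnected handling once the sysctl prefix has been applied. The retained comment text "check if it is a sysctl and handle specially" also now describes code that sits above it.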
@@ -111,25 +113,14 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
 	 *     of chroot) and specifically directed to connect paths to
 	 *     namespace root.
 	 */
-	if (!connected) {
-		/* is the disconnect path a sysctl? */
-		if (tmp.dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
-		    strncmp(*name, "/sys/", 5) == 0) {
-			/* TODO: convert over to using a per namespace
-			 * control instead of hard coded /proc
-			 */
-			error = prepend(name, *name - buf, "/proc", 5);
-		} else if (!(flags & PATH_CONNECT_PATH) &&
-			   !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
-			     (tmp.mnt == current->nsproxy->mnt_ns->root &&
-			      tmp.dentry == tmp.mnt->mnt_root))) {
-			/* disconnected path, don't return pathname starting
-			 * with '/'
-			 */
-			error = -ESTALE;
-			if (*res == '/')
-				*name = res + 1;
-		}
+	if ((tmp.dentry == root.dentry && tmp.mnt == root.mnt) &&
+	    !(flags & PATH_CONNECT_PATH)) {
+		/* disconnected path, don't return pathname starting
+		 * with '/'
+		 */
+		error = -EACCES;
+		if (*res == '/')
+			*name = res + 1;
 	}
 
 out:
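Review bot: The new test `if ((tmp.dentry == root.dentry && tmp.mnt == root.mnt) && !(flags & PATH_CONNECT_PATH))` looks inverted relative to the code it replaces. The removed code computed `connected` from the same comparison and entered this branch on `!connected`, whereas the new condition returns -EACCES and strips the leading '/' when the resolved root equals `root`. Assuming `__d_path` still writes the root it reached back into `tmp`, connected paths would be denied, while disconnected ones would keep an absolute-looking name and no error, so they could be matched against profile rules as if rooted. If the intent is unchanged, the condition should be `if (!(tmp.dentry == root.dentry && tmp.mnt == root.mnt) && !(flags & PATH_CONNECT_PATH)) {`. The function begins before this hunk.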
-- 
1.7.5.4
