lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120331065305.GA3398@p183.telecom.by>
Date:	Sat, 31 Mar 2012 09:53:05 +0300
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	David Madore <david+ml@...ore.org>
Cc:	linux-kernel@...r.kernel.org, aneesh.kumar@...ux.vnet.ibm.com,
	viro@...iv.linux.org.uk
Subject: Re: since when does linkat() on deleted /proc/$PID/fd/$num return
 ENOENT ?

On Fri, Mar 30, 2012 at 12:21:21PM +0200, David Madore wrote:
> It used to be the case (last time I checked was around late 2008 or
> early 2009) that deleted entries from /proc/$PID/fd/ could be linked
> back to the filesystem by using linkat(,,,,AT_SYMLINK_FOLLOW).
> 
> Now this just returns ENOENT.
> 
> I'd like to understand when, how and why this change took place.  What
> commit introduced it and was it a deliberate move (e.g., because the
> feature was a security issue of itself, or came into conflict with
> something else) or was it accidental?

It was explicitly prohibited since 2.6.39:

commit aae8a97d3ec30788790d1720b71d76fd8eb44b73
Author: Aneesh Kumar K.V <aneesh.kumar@...ux.vnet.ibm.com>
Date:   Sat Jan 29 18:43:27 2011 +0530

    fs: Don't allow to create hardlink for deleted file
    
    Add inode->i_nlink == 0 check in VFS. Some of the file systems
    do this internally. A followup patch will remove those instance.
    This is needed to ensure that with link by handle we don't allow
    to create hardlink of an unlinked file. The check also prevent a race
    between unlink and link
    
    Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@...ux.vnet.ibm.com>
    Signed-off-by: Al Viro <viro@...iv.linux.org.uk>

diff --git a/fs/namei.c b/fs/namei.c
index 83e92ba..33be51a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2906,7 +2906,11 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 		return error;
 
 	mutex_lock(&inode->i_mutex);
-	error = dir->i_op->link(old_dentry, dir, new_dentry);
+	/* Make sure we don't allow creating hardlink to an unlinked file */
+	if (inode->i_nlink == 0)
+		error =  -ENOENT;
+	else
+		error = dir->i_op->link(old_dentry, dir, new_dentry);
 	mutex_unlock(&inode->i_mutex);
 	if (!error)
 		fsnotify_link(dir, inode, new_dentry);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ