lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121004161422.GF9092@outflux.net>
Date:	Thu, 4 Oct 2012 09:14:22 -0700
From:	Kees Cook <kees@...flux.net>
To:	Nick Bowler <nbowler@...iptictech.com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Theodore Ts'o" <tytso@....edu>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Linux 3.6

On Thu, Oct 04, 2012 at 12:03:54PM -0400, Nick Bowler wrote:
> On 2012-10-04 08:49 -0700, Kees Cook wrote:
> > On Thu, Oct 04, 2012 at 09:35:04AM -0400, Nick Bowler wrote:
> > > On 2012-10-03 13:54 -0700, Linus Torvalds wrote:
> > > > On Wed, Oct 3, 2012 at 1:49 PM, Kees Cook <kees@...flux.net> wrote:
> > > > > I think the benefits of this being on by default outweigh glitches
> > > > > like this. Based on Nick's email, it looks like a directory tree of his
> > > > > own creation.
> > > > 
> > > > I agree that *one* report like this doesn't necessarily mean that we
> > > > need to turn it off, if Nick is happy to just fix up his script and
> > > > it's all local.
> > > > 
> > > > However, I suspect we'll see more. And once that happens, we're not
> > > > going to keep a default that breaks peoples old scripts, and we're
> > > > going to have to rely on distributions (or users) explicitly setting
> > > > it.
> > > 
> > > Yes, it is a directory of my own creation, intended as a place for users
> > > (read: me) to stick stuff on the local disk as opposed to on NFS.  It's
> > > pretty trivial for me to fixup everything to not need this symlink
> > > anymore (and I suspect it is the only offender); I just created the
> > > symlink in the first place so that I wouldn't have to change anything
> > > else.
> > > 
> > > (While on /this/ machine I created the directory, I have used shared lab
> > > machines with a similar setup).
> > > 
> > > The thing that bothers me most about all this is that it's basically
> > > impossible to see why things are failing without digging through the git
> > > tree or posting to the mailing list (or recalling earlier mailing list
> > > discussions about the restriction, as I vaguely do now).  You just
> > > suddenly get "permission denied" errors when all the permissions
> > > involved look fine.  As far as I know, the owner, group and mode of
> > > symlinks have always been completely meaningless.  Upgrade to 3.6, and
> > > they're suddenly meaningful in extremely non-obvious ways.
> > 
> > FWIW, there should have been an audit message about it in dmesg.
> 
> There were zero messages in the kernel log.
> 
>   # dmesg -C
>   # cd /tmp
>   # mkdir testdir
>   # ln -s testdir testlink
>   # chown -h nobody testlink
>   # cd testlink
>   cd: permission denied: testlink
>   # dmesg
>   (no output)

Well that's sad. :( Two situations I can think of for that:
- the kernel wasn't build with CONFIG_AUDIT
- auditd is running and hiding the notices in some other log file

-Kees

-- 
Kees Cook                                            @outflux.net
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ