lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20130507181504.GB12315@austin.hallyn.com>
Date:	Tue, 7 May 2013 13:15:04 -0500
From:	"Serge E. Hallyn" <serge@...lyn.com>
To:	Miklos Szeredi <miklos@...redi.hu>
Cc:	raven@...maw.net, autofs@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	sukadev@...ux.vnet.ibm.com, serge.hallyn@...onical.com,
	ebiederm@...ssion.com
Subject: Re: [PATCH 2/2] autofs4: translate pids to the right namespace for
 the daemon

Quoting Miklos Szeredi (miklos@...redi.hu):
> From: Miklos Szeredi <mszeredi@...e.cz>
> 
> The PID and the TGID of the process tringgering the mount are sent to the
> daemon.  Currently the global pid values are sent (ones valid in the initial pid
> namespace) but this is wrong if the autofs daemon itself is not running in the
> initial pid namespace.
> 
> So send the pid values that are valid in the namespace of the autofs daemon.
> 
> The namespace to use is taken from the oz_pgrp pid pointer, which was set at
> mount time to the mounting process' pid namespace.
> 
> If the pid translation fails (the triggering process is in an unrelated pid
> namespace) then the automount fails with ENOENT.
> 
> Cc: Serge E. Hallyn <serue@...ibm.com>

Makes sense.

Acked-by: Serge Hallyn <serge.hallyn@...onical.com>

Thanks, Miklos.

> Cc: Eric Biederman <ebiederm@...ssion.com>
> Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
> ---
>  fs/autofs4/waitq.c |   16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> --- a/fs/autofs4/waitq.c
> +++ b/fs/autofs4/waitq.c
> @@ -353,11 +353,23 @@ int autofs4_wait(struct autofs_sb_info *
>  	struct qstr qstr;
>  	char *name;
>  	int status, ret, type;
> +	pid_t pid;
> +	pid_t tgid;
>  
>  	/* In catatonic mode, we don't wait for nobody */
>  	if (sbi->catatonic)
>  		return -ENOENT;
>  
> +	/*
> +	 * Try translating pids to the namespace of the daemon.
> +	 *
> +	 * Zero means failure: we are in an unrelated pid namespace.
> +	 */
> +	pid = task_pid_nr_ns(current, ns_of_pid(sbi->oz_pgrp));
> +	tgid = task_tgid_nr_ns(current, ns_of_pid(sbi->oz_pgrp));
> +	if (pid == 0 || tgid == 0)
> +		return -ENOENT;
> +
>  	if (!dentry->d_inode) {
>  		/*
>  		 * A wait for a negative dentry is invalid for certain
> @@ -423,8 +435,8 @@ int autofs4_wait(struct autofs_sb_info *
>  		wq->ino = autofs4_get_ino(sbi);
>  		wq->uid = current_uid();
>  		wq->gid = current_gid();
> -		wq->pid = current->pid;
> -		wq->tgid = current->tgid;
> +		wq->pid = pid;
> +		wq->tgid = tgid;
>  		wq->status = -EINTR; /* Status return if interrupted */
>  		wq->wait_ctr = 2;
>  		mutex_unlock(&sbi->wq_mutex);
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ