| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130514130906.7f9525bf@corrin.poochiereds.net> Date: Tue, 14 May 2013 13:09:06 +0200 From: Jeff Layton <jlayton@...hat.com> To: Steve French <smfrench@...il.com> Cc: Miklos Szeredi <miklos@...redi.hu>, linux-cifs@...r.kernel.org, Kernel Mailing List <linux-kernel@...r.kernel.org>, sjayaraman@...ell.com Subject: Re: Mount failure due to restricted access to a point along the mount path On Tue, 14 May 2013 05:44:48 -0500 Steve French <smfrench@...il.com> wrote: > On Tue, May 14, 2013 at 3:51 AM, Jeff Layton <jlayton@...hat.com> wrote: > > On Fri, 10 May 2013 10:27:54 -0400 > > Jeff Layton <jlayton@...hat.com> wrote: > > > >> On Fri, 10 May 2013 16:13:30 +0200 > >> Miklos Szeredi <miklos@...redi.hu> wrote: > >> > >> > Hi, > >> > > >> > A while ago this was discussed: > >> > > >> > http://thread.gmane.org/gmane.linux.kernel.cifs/7779 > >> > > >> > This is essentially a regression introduced by the shared superblock > >> > changes in 3.0 and several SUSE customers are complaining about it. > >> > I've created a temporary fix which reverts 29 commits related to the > >> > shared superblock changes. It works, but it's obviously not a > >> > permanent fix, especially since we definitely don't want to diverge > >> > from mainline. > >> > > >> > Is this issue being worked on? Don't other distros have similar reports? > >> > > >> > Thanks, > >> > Miklos > >> > >> I don't know of anyone currently working on it. There are a couple of > >> possible approaches to fixing it, I think: > >> > >> 1) if the dentries to get down to the root of the mount don't already > >> exist, then attach some sort of "placeholder" inode that can be fleshed > >> out later if and when the dentry is accessed via other means. > >> > >> 2) do something like what NFS does (see commit 54ceac45). This becomes > >> a bit more complicated due to the fact that the server may not hand out > >> real inode numbers and we sometimes have to fake them up. > >> > >> #1 is probably simpler to implement, but I'll confess that I haven't > >> thought through all of the potential problems with it. > >> > > > > So, giving this some more thought, I think #2 is really the correct way > > to fix this. Here's the main problem though: > > > > Suppose someone mounts: > > > > //server/share/foo/bar/baz > > > > We make the sb->s_root point to the top level share, and then create a > > disconnected dentry for "baz" to return from ->mount. > > > > Then, a little while later, //server/share gets mounted separately and > > a user walks down to /foo/bar/baz within the same share. > > > > How do we ensure that we don't end up with two "baz" dentries in this > > situation? With NFS, we can be reasonably sure that there's a 1:1 > > correspondance of filehandle to inode. > > > > Under CIFS, it's possible that it's faking up inode numbers if the > > server doesn't provide them via a UniqueID field. The only real > > identifying info we have for the inode in that case is the pathname. > > Since this (support for server generated inode numbers) is most common > case (especially with SMB2 and later) - I don't mind making dependency > on the server supporting UniqueID for this. There are still some problems even when the server does supply them. We sometimes find that they aren't suitable for various reasons or aren't to be trusted, and the client disables server inode numbers on the fly. What do you do at that point if you already have 2 mounts sharing the superblock? -- Jeff Layton <jlayton@...hat.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists