lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKywueTcQPhxNqTsx9WLkJTg9DkRV-TwqLdiA_PQWtO=M8iDfA@mail.gmail.com>
Date:	Thu, 16 May 2013 10:19:22 +0400
From:	Pavel Shilovsky <piastryyy@...il.com>
To:	Jeff Layton <jlayton@...hat.com>
Cc:	Miklos Szeredi <miklos@...redi.hu>,
	linux-cifs <linux-cifs@...r.kernel.org>,
	Steve French <smfrench@...il.com>,
	Kernel Mailing List <linux-kernel@...r.kernel.org>,
	sjayaraman@...ell.com
Subject: Re: Mount failure due to restricted access to a point along the mount path

2013/5/14 Jeff Layton <jlayton@...hat.com>:
> On Fri, 10 May 2013 10:27:54 -0400
> Jeff Layton <jlayton@...hat.com> wrote:
>
>> On Fri, 10 May 2013 16:13:30 +0200
>> Miklos Szeredi <miklos@...redi.hu> wrote:
>>
>> > Hi,
>> >
>> > A while ago this was discussed:
>> >
>> >   http://thread.gmane.org/gmane.linux.kernel.cifs/7779
>> >
>> > This is essentially a regression introduced by the shared superblock
>> > changes in 3.0 and several SUSE customers are complaining about it.
>> > I've created a temporary fix which reverts 29 commits related to the
>> > shared superblock changes.  It works, but it's obviously not a
>> > permanent fix, especially since we definitely don't want to diverge
>> > from mainline.
>> >
>> > Is this issue being worked on?  Don't other distros have similar reports?
>> >
>> > Thanks,
>> > Miklos
>>
>> I don't know of anyone currently working on it. There are a couple of
>> possible approaches to fixing it, I think:
>>
>> 1) if the dentries to get down to the root of the mount don't already
>> exist, then attach some sort of "placeholder" inode that can be fleshed
>> out later if and when the dentry is accessed via other means.
>>
>> 2) do something like what NFS does (see commit 54ceac45). This becomes
>> a bit more complicated due to the fact that the server may not hand out
>> real inode numbers and we sometimes have to fake them up.
>>
>> #1 is probably simpler to implement, but I'll confess that I haven't
>> thought through all of the potential problems with it.
>>
>
> So, giving this some more thought, I think #2 is really the correct way
> to fix this. Here's the main problem though:
>
> Suppose someone mounts:
>
>     //server/share/foo/bar/baz
>
> We make the sb->s_root point to the top level share, and then create a
> disconnected dentry for "baz" to return from ->mount.
>
> Then, a little while later, //server/share gets mounted separately and
> a user walks down to /foo/bar/baz within the same share.
>
> How do we ensure that we don't end up with two "baz" dentries in this
> situation? With NFS, we can be reasonably sure that there's a 1:1
> correspondance of filehandle to inode.
>
> Under CIFS, it's possible that it's faking up inode numbers if the
> server doesn't provide them via a UniqueID field. The only real
> identifying info we have for the inode in that case is the pathname.
>
> Perhaps we'd be best off to just rip out the sb sharing after all.
> Getting all of the corner cases right when the protocol and server
> implementations are so problematic is really, really difficult.
>
> If we do go that route, then the fscache code will need some work since
> it uses the sharename as a sb cookie.

Another option is to add mount options shared and nonshared (default)
like NFS already has and let users use
sharing capability if the permissions on server allow walking through
a share path to a mount root.

--
Best regards,
Pavel Shilovsky.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ