lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 20 May 2013 17:10:01 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Stanislav Kinsbursky <skinsbursky@...allels.com>
Cc:	akpm@...ux-foundation.org, jlayton@...hat.com,
	lucas.demarchi@...fusion.mobi, rusty@...tcorp.com.au,
	linux-kernel@...r.kernel.org, bfields@...ldses.org,
	viro@...iv.linux.org.uk, bharrosh@...asas.com, devel@...nvz.org
Subject: Re: [RFC PATCH] kmod: add ability to swap root in usermode helper

On 05/20, Stanislav Kinsbursky wrote:
>
> 20.05.2013 17:57, Oleg Nesterov пишет:
>>
>> Why do we need the new member/arguments?
>>
>>> @@ -215,6 +216,9 @@ static int ____call_usermodehelper(void *data)
>>>   	 */
>>>   	set_user_nice(current, 0);
>>>
>>> +	if (sub_info->root)
>>> +		set_fs_root(current->fs, sub_info->root);
>>
>> Can't subprocess_info->init() do this? You can pass root as ->data.
>>
>> IOW, unless I missed something, nfs can do this without any changes
>> in kmod.c.
>>
>> Oleg.
>>
>
> Thanks for the comment.
> Yes, it definitely can. But, NFS server in the the only place. Usermode helper in
> called from NFS client code and thus the same functionality is required there as well.

Not sure I understand... OK, and why NFS client can't use the same
functionality?

> Moreover, set_fs_root() is not exported.

Then it should be exported, I think ;)

Or you can export the new helper.

> And adding an ability of a root swap to usermode helper looks quite logical. At least from the
> "containers" point of view, which usually have it's own root.

But it is not logical to uglify the code, imho.

OK, why nfs can't simply use this code

	static int umh_set_fs_root(struct subprocess_info *info, struct cred *new)
	{
		set_fs_root(current->fs, sub_info->data);
		return 0;
	}

	int call_usermodehelper_root(char *path, char **argv, char **envp, int wait,
				     struct path *root)
	{

		struct subprocess_info *info;

		info = call_usermodehelper_setup(path, argv, envp, gfp_mask,
							umh_set_fs_root, NULL, root);
		if (info == NULL)
			return -ENOMEM;
		return call_usermodehelper_exec(info, wait);
	}

? Why do you want to add the new member, the new arguments, the new helpers?

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ