lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 11 Jul 2013 19:07:19 +0800
From:	Li Zhong <zhong@...ux.vnet.ibm.com>
To:	viro@...IV.linux.org.uk
Cc:	linuxram@...ibm.com, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, Li Zhong <zhong@...ux.vnet.ibm.com>
Subject: [RFC PATCH 0/2] partial revoke implementation for procfs

Hi Al Viro, 

I tried to implement what you proposed in:
https://lkml.org/lkml/2013/4/5/15

When you have time, would you please help to take a look at it, and give your 
comments? 
I sent the draft early, just want to make sure I didn't misunderstand anything
in your proposal, and what I did and next step plan are not heading the wrong
direction.

This is only an initial draft to do only what procfs is needed

1. didn't do anything about kick, mmap, fasync, ... and something you mentioned
in following mails

2. I only wrapped f_ops in vfs which are used by procfs ( but maybe I still
missed something). 

3. It seems all f_ops are const, so I couldn't easliy clear the pointer of
->owner, maybe that needs every calling site of proc_create(_data) to make sure
the proc_fops doesn't have ->owner set? 

Currently, I added an ugly check in __fput, so if if ->f_revoke is set in file,
we don't call fput_ops; and in proc_reg_open(), restore the old ->f_op if
make_revokable() fails.

patch 1: adding the implementation proposed in your mail
patch 2: convert procfs to use this implementation

If there aren't any big issues, I plan to look for another file system 
(with backing device) to try other things that's not implemented this time.

Thanks, Zhong

Li Zhong (2):
  vfs: partial revoke implementation suggested by Al Viro
  proc: covert procfs to use the general revoke implementation

 fs/Makefile            |    2 +-
 fs/compat_ioctl.c      |    8 +-
 fs/eventpoll.c         |   10 ++-
 fs/file_table.c        |   13 ++-
 fs/ioctl.c             |    7 +-
 fs/proc/generic.c      |   12 +--
 fs/proc/inode.c        |  229 ++++--------------------------------------------
 fs/proc/internal.h     |    9 +-
 fs/read_write.c        |   30 +++++--
 fs/revoke.c            |  133 ++++++++++++++++++++++++++++
 fs/select.c            |   11 ++-
 include/linux/fs.h     |    2 +
 include/linux/revoke.h |   50 +++++++++++
 mm/mmap.c              |    8 +-
 mm/nommu.c             |   16 +++-
 15 files changed, 297 insertions(+), 243 deletions(-)
 create mode 100644 fs/revoke.c
 create mode 100644 include/linux/revoke.h

-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ