Message-ID: <20130712154833.GA4165@ZenIV.linux.org.uk>
Date:	Fri, 12 Jul 2013 16:48:34 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [git pull] vfs.git part 2

On Fri, Jul 12, 2013 at 12:02:45PM +0000, Rasmus Villemoes wrote:

> But isn't the problem the case where dirname does not exist? I.e., the
> application has to make sure that "/some/where" exists and is a directory
> before open("/some/where", O_CREAT | O_TMPFILE | O_RDWR, 0666) can be
> relied upon to fail on kernels not recognizing O_TMPFILE, instead of
> just creating "where" in "/some".
> 
> Just thinking out loud, and please tell me to shut up if it doesn't make
> sense: The documentation for O_DIRECTORY seems to imply that one could
> require O_DIRECTORY to be given when using O_TMPFILE. The "If pathname
> is not a directory, cause the open to fail" certainly seems to make
> sense when O_TMPFILE is used, and older kernels should complain when
> seeing the O_CREAT|O_DIRECTORY combination. It is a hack, though.

They should, but they won't ;-/  It's the same problem - we do *not*
validate the flags argument.  We'll get to do_last(), hit lookup_open(),
which will create the sucker and go to finish_open_created.  Which is
past the logic checking for LOOKUP_DIRECTORY trying to return a non-directory
and it would've been too late to fail anyway - the file has already been
created.  IOW, O_DIRECTORY is ignored when O_CREAT is present *and* file
didn't exist already.  In that case we almost certainly can treat that as a
bug (i.e. start failing open() on O_CREAT | O_DIRECTORY in all cases -
I'd be _very_ surprised if somebody called open() with such combination of
flags), but that doesn't help with older kernels...
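
An added example, not part of the message above and not kernel code: one way for an application to avoid relying on open() rejecting flags the kernel does not recognize. It assumes the O_TMPFILE definition found in current libc headers, used without O_CREAT; the function names and the /tmp path are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_TMPFILE   /* headers hid it: asm-generic value, an assumption */
#define O_TMPFILE (020000000 | O_DIRECTORY)
#endif

/* Hypothetical helper: 1 if fd is a regular file with no name (link count 0). */
int is_unnamed_regular(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 0;
}

/* Hypothetical wrapper: unnamed temp file in dir, or -1 with errno set.
 * O_CREAT is never passed, so a kernel that silently ignores the
 * O_TMPFILE bit has no name it could create. */
int open_unnamed_tmp(const char *dir, mode_t mode)
{
    /* Step 1: pin the directory; a missing or non-directory path fails here. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* Step 2: "." always exists relative to dfd, so nothing new gets a name. */
    int fd = openat(dfd, ".", O_TMPFILE | O_RDWR | O_CLOEXEC, mode);
    int saved = errno;
    close(dfd);
    /* Step 3: do not trust flag handling; check what was actually returned. */
    if (fd >= 0 && !is_unnamed_regular(fd)) {
        close(fd);
        fd = -1;
        saved = EOPNOTSUPP;
    }
    errno = saved;
    return fd;
}

int main(void)
{
    int fd = open_unnamed_tmp("/tmp", 0600);   /* constructed sample path */
    puts(fd >= 0 ? "got an unnamed regular file" : strerror(errno));
    return fd < 0;
}
```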