lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <51F7362A.3030509@cn.fujitsu.com>
Date:	Tue, 30 Jul 2013 11:42:34 +0800
From:	Gu Zheng <guz.fnst@...fujitsu.com>
To:	Rui Xiang <rui.xiang@...wei.com>
CC:	containers@...ts.linux-foundation.org,
	linux-kernel@...r.kernel.org, serge.hallyn@...ntu.com,
	ebiederm@...ssion.com, akpm@...ux-foundation.org,
	gaofeng@...fujitsu.com, libo.chen@...wei.com
Subject: Re: [PATCH 7/9] syslog_ns: implement function for creating syslog
 ns

On 07/30/2013 11:39 AM, Rui Xiang wrote:

> On 2013/7/29 18:25, Gu Zheng wrote:
>> Hi Rui,
>>
>> On 07/29/2013 10:31 AM, Rui Xiang wrote:
>>
>>> Add create_syslog_ns function to create a new ns. We
>>> must create a user_ns before create a new syslog ns.
>>> And then tie the new syslog_ns to current user_ns
>>> instead of original syslog_ns which comes from
>>> parent user_ns.
> 
> ...
> 
>>> diff --git a/kernel/printk.c b/kernel/printk.c
>>> index fd2d600..6b561db 100644
>>> --- a/kernel/printk.c
>>> +++ b/kernel/printk.c
>>> @@ -384,6 +384,10 @@ static int check_syslog_permissions(int type, bool from_file,
>>>  		|| type == SYSLOG_ACTION_CONSOLE_LEVEL)
>>>  		ns = &init_syslog_ns;
>>>  
>>> +	/* create a new syslog ns */
>>> +	if (type == SYSLOG_ACTION_NEW_NS)
>>> +		return 0;
>>> +
>>
>> Don't we need further permission or caps check here? Return success directly seems sloppy. 
>>
> CAP_SYSLOG is checked in create_syslog_ns, so I think we can return 0 temporarily.

If so, why not move the check here? IMO, permission checking is the earlier the better,
what's your opinion?

Regards,
Gu

> 
> 
> 
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ