| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Oct 2013 12:12:41 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Miklos Szeredi <miklos@...redi.hu> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Al Viro <viro@...iv.linux.org.uk>, Linux-Fsdevel <linux-fsdevel@...r.kernel.org>, Kernel Mailing List <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, Rob Landley <rob@...dley.net>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Grrrr fusermount. ebiederm@...ssion.com (Eric W. Biederman) writes: > But I will go through and read the old fusermount code before I get too > much farther just so I understand what I am potentially breaking. Grr. So I have just read the fusermount umount code and the hack that it uses before there was UMOUNT_NOFOLLOW support in the vm. If I walk this path of lazy unmounts and detaching directories, anyone with a new kernel and an old copy of fusermount and a nfs mounted home directory will be able to exploit the fusermount umount symlink race. Unless we can declare that old fusermount binaries are buggy beyond supporting this patchset as it exists is dead. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists