lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 1 Nov 2013 10:16:16 -0700
From:	Jim Lieb <jlieb@...asas.com>
To:	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
CC:	<luto@...capital.net>, <linux-fsdevel@...r.kernel.org>,
	<ebiederm@...ssion.com>, <viro@...iv.linux.org.uk>,
	<tytso@....edu>, <linux-kernel@...r.kernel.org>,
	<bfields@...hat.com>, <jlayton@...hat.com>
Subject: Re: Re: Re: Re: Re: Re: [PATCH 1/3] switch_creds: Syscall to switch creds for file server ops

On Saturday, November 02, 2013 01:07:59 Tetsuo Handa wrote:
> Jim Lieb wrote:
> > On Friday, November 01, 2013 22:24:12 Tetsuo Handa wrote:
> > > Jim Lieb wrote:
> > > > Subsequent uses look like:
> > > > 	use_creds(cached fd);
> > > > 
> > > > followed by
> > > > 
> > > > 	open/creat/mknod/write
> > > > 
> > > > followed by
> > > > 
> > > > 	use_creds(-1);
> > > 
> > > Are you aware that calling commit_creds() is prohibitted between
> > > override_creds() and revert_creds() ?
> > > 
> > > If the caller does some operation that calls commit_creds() (like
> > > example below), the kernel triggers BUG().
> > 
> > Yes, I do.  I caught this in an early pass.  I only use override_creds()
> > and revert_creds().
> 
> Excuse me, but even below example will trigger BUG(). You pack
> override_creds() + open() + revert_creds() into one system call so that the
> caller of this system call shall not do something that calls commit_creds()
> ?

Ok, I see your point here.  If I do a switch_creds and the userland does 
something like seteuid before I do the revert, we are toast.  Correct?

This is an issue.  Thanks for pointing this out.  It is certainly not in my 
use case but that doesn't mean someone else won't try it.  I have some more 
work to do.
> 
> ---------- example module start ----------
> #include <linux/module.h>
> #include <linux/cred.h>
> #include <linux/fs.h>
> #include <linux/file.h>
> 
> static int __init test_init(void)
> {
>         const struct cred *orig;
>         { /* switch_cred() syscall */
>                 struct fd f = fdget(0);
>                 if (!f.file)
>                         return -EBADF;
>                 orig = override_creds(f.file->f_cred);
>                 fdput(f);
>         }
>         { /* something that calls commit_creds() */
>                 struct cred *cred = prepare_creds();
>                 if (cred)
>                         commit_creds(cred);
>         }
>         { /* restore */
>                 revert_creds(orig);
>         }
>         return 0;
> }
> 
> static void test_exit(void)
> {
> }
> 
> module_init(test_init);
> module_exit(test_exit);
> MODULE_LICENSE("GPL");
> ---------- example module end ----------

-- 
Jim Lieb
Linux Systems Engineer
Panasas Inc.

"If ease of use was the only requirement, we would all be riding tricycles"
- Douglas Engelbart 1925–2013
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ