lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20140319152521.04fe6665c67efe0c6a70d8a5@linux-foundation.org>
Date:	Wed, 19 Mar 2014 15:25:21 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Kees Cook <keescook@...omium.org>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Rik van Riel <riel@...hat.com>, Mel Gorman <mgorman@...e.de>,
	Aaron Tomlin <atomlin@...hat.com>,
	Andrew Shewmaker <agshew@...il.com>,
	Li Zefan <lizefan@...wei.com>,
	Dario Faggioli <raistlin@...ux.it>,
	Andi Kleen <ak@...ux.intel.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Wanpeng Li <liwanp@...ux.vnet.ibm.com>,
	"David S. Miller" <davem@...emloft.net>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Willem de Bruijn <willemb@...gle.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Pavel Emelyanov <xemul@...allels.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] sysctl: fix incorrect write position handling

On Tue, 18 Mar 2014 10:17:59 -0700 Kees Cook <keescook@...omium.org> wrote:

> When writing to a sysctl string, each write, regardless of VFS position,
> began writing the string from the start. This meant the contents of
> the last write to the sysctl controlled the string contents instead of
> the first:
> 
> open("/proc/sys/kernel/modprobe", O_WRONLY)   = 1
> write(1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 4096) = 4096
> write(1, "/bin/true", 9)                = 9
> close(1)                                = 0
> 
> $ cat /proc/sys/kernel/modprobe
> /bin/true

Yes, procfs writes have always been weird.

Why are we fixing this?

Perhaps there's an existing application which holds an fd open
and periodically writes to it expecting some result.  This patch
would break such an app?


And what about something like this?

while true
do
	echo 1
	sleep 60
done > /proc/sys/vm/drop_caches

To be consistent with the proposed alteration to string writes, this
would have to write 1 then change that to 11 then to 111.  Or
something, makes my head spin.

> Expected behaviour would be to have the sysctl be "AAAA..." capped at
> maxlen (in this case KMOD_PATH_LEN: 256), instead of truncating to the
> contents of the second write. Similarly, multiple short writes would not
> append to the sysctl.

So if we do

(
	echo foo
	echo bar
) > /proc/sys/kernel/modprobe

we get foo and later we get foobar?

> This fixes the unexpected behavior for strings, and disallows non-zero
> file position when writing numeric sysctls (similar to what is already
> done when reading from non-zero file positions).

So my script which writes drop_caches will break?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ