| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Aug 2014 20:16:29 +0000 From: Serge Hallyn <serge.hallyn@...ntu.com> To: Andy Lutomirski <luto@...capital.net> Cc: Linux Containers <containers@...ts.linux-foundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, stable <stable@...r.kernel.org>, Kenton Varda <kenton@...dstorm.io>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linux FS Devel <linux-fsdevel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH] fs: Remove implicit nodev for new mounts in non-root userns Quoting Andy Lutomirski (luto@...capital.net): > On Fri, Aug 15, 2014 at 12:37 PM, Serge Hallyn <serge.hallyn@...ntu.com> wrote: > > Quoting Andy Lutomirski (luto@...capital.net): > >> On Fri, Aug 15, 2014 at 12:05 PM, Serge Hallyn <serge.hallyn@...ntu.com> wrote: > >> > Quoting Andy Lutomirski (luto@...capital.net): > >> >> Currently, creating a new mount (as opposed to bindmount) in a > >> >> non-root userns will implicitly set nodev unless the fs is devpts. > >> >> Something like this will be necessary for file systems that allow > >> >> the mounter to create device nodes without using mknod (e.g. FUSE > >> >> if/when that is allowed), but none of the currently allowed > >> >> filesystems do this. > >> > > >> > Hi, > >> > > >> > Sorry, I'm probably thinking stupidly, but I don't see this restriction > >> > being the case > >> > > >> > serge@sl:~$ mount | grep tmp > >> > [...] > >> > tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) > >> > serge@sl:~$ sudo mknod /run/kvm c 10 232 > >> > [sudo] password for serge: > >> > serge@sl:~$ echo $? > >> > 0 > >> > serge@sl:~$ ls -l /run/kvm > >> > crw-r--r-- 1 root root 10, 232 Aug 15 14:04 /run/kvm > >> > > >> > But you seem to be saying I shouldn't be allowed to create a device inside > >> > a tmpfs. What am I overlooking? > >> > >> I assume you're in the root userns. This patch is unnecessary, and > >> has no effect, if you're in the root userns. > > > > Right, but I thought you were justifying adding FS_USERNS_DEV_MOUNT by saying > > that you cannot mknod in those filesystems. But I see you actually said > > "without using mknod". I guess I don't understand that caveat. > > IIUC, there are two ways that a user could put a device node into > their filesystem. > > The obvious way is using mknod. But mknod has its own perfectly valid > permission checks, and it doesn't need any special handling at mount > time. > > The less obvious way is to mount a filesystem that already contains a > device node or to mount a filesystem that gives some other means of > inserting a device node (e.g. a network filesystem or FUSE). Those > might allow inserting device nodes without passing a global capability > check, so unprivileged users in a userns must not be allowed to mount > such a filesystem without MNT_NODEV | MNT_LOCK_NODEV. > > Fortunately, none of the existing FS_USERNS_MOUNT filesystems have > that property. FUSE will, but we don't support FUSE in a userns yet > (unfortunately -- it would be a *very* useful feature.) > > I think that, if we ever allow FUSE in a userns, we should return Which, btw, I'm hoping we'll be allowing soon. > -EPERM when trying to mount it unless the user specifies MS_NODEV, In either case we can think that through when the time comes. > which is what this patch does. I don't think there's any reason to > play complicated games to allow programs to get away with omitting > MS_NODEV. Thanks, Andy. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists