| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150715233922.GA3509821@mail.thefacebook.com>
Date: Wed, 15 Jul 2015 16:39:22 -0700
From: Calvin Owens <calvinowens@...com>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: Alexey Dobriyan <adobriyan@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Al Viro <viro@...iv.linux.org.uk>,
Miklos Szeredi <miklos@...redi.hu>,
Zefan Li <lizefan@...wei.com>, Oleg Nesterov <oleg@...hat.com>,
Joe Perches <joe@...ches.com>,
David Howells <dhowells@...hat.com>,
<linux-kernel@...r.kernel.org>, <kernel-team@...com>,
<keescook@...omium.org>, Andy Lutomirski <luto@...capital.net>,
Cyrill Gorcunov <gorcunov@...nvz.org>,
"Kirill A. Shutemov" <kirill@...temov.name>
Subject: Re: [PATCH v7] procfs: Always expose /proc/<pid>/map_files/ and make
it readable
On Wednesday 07/15 at 15:21 -0700, Andrew Morton wrote:
> On Thu, 18 Jun 2015 19:32:18 -0700 Calvin Owens <calvinowens@...com> wrote:
>
> > Currently, /proc/<pid>/map_files/ is restricted to CAP_SYS_ADMIN, and
> > is only exposed if CONFIG_CHECKPOINT_RESTORE is set.
> >
> > Each mapped file region gets a symlink in /proc/<pid>/map_files/
> > corresponding to the virtual address range at which it is mapped. The
> > symlinks work like the symlinks in /proc/<pid>/fd/, so you can follow
> > them to the backing file even if that backing file has been unlinked.
> >
> > Currently, files which are mapped, unlinked, and closed are impossible
> > to stat() from userspace. Exposing /proc/<pid>/map_files/ closes this
> > functionality "hole".
> >
> > Not being able to stat() such files makes noticing and explicitly
> > accounting for the space they use on the filesystem impossible. You can
> > work around this by summing up the space used by every file in the
> > filesystem and subtracting that total from what statfs() tells you, but
> > that obviously isn't great, and it becomes unworkable once your
> > filesystem becomes large enough.
> >
> > This patch moves map_files/ out from behind CONFIG_CHECKPOINT_RESTORE,
> > and adjusts the permissions enforced on it as follows:
>
> proc_pid_follow_link() got changed while you weren't looking, causing
>
> fs/proc/base.c: In function 'proc_map_files_follow_link':
> fs/proc/base.c:1963: warning: passing argument 2 of 'proc_pid_follow_link' from incompatible pointer type
> fs/proc/base.c:1578: note: expected 'void **' but argument is of type 'struct nameidata *'
> fs/proc/base.c:1963: warning: return discards qualifiers from pointer target type
> fs/proc/base.c: At top level:
> fs/proc/base.c:1971: warning: initialization from incompatible pointer type
>
> I just changed it to pass NULL:
Thanks for cleaning this up, I'll make sure to check outstanding patches
against new -rcs and -nexts in the future.
Thanks,
Calvin
> --- a/fs/proc/base.c~procfs-always-expose-proc-pid-map_files-and-make-it-readable-fix
> +++ a/fs/proc/base.c
> @@ -1955,12 +1955,13 @@ struct map_files_info {
> * symlinks may be used to bypass permissions on ancestor directories in the
> * path to the file in question.
> */
> -static void *proc_map_files_follow_link(struct dentry *dentry, struct nameidata *nd)
> +static void *
> +proc_map_files_follow_link(struct dentry *dentry, struct nameidata *nd)
> {
> if (!capable(CAP_SYS_ADMIN))
> return ERR_PTR(-EPERM);
>
> - return proc_pid_follow_link(dentry, nd);
> + return proc_pid_follow_link(dentry, NULL);
> }
>
> /*
> _
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists