lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55BDCBF4.1050305@nod.at>
Date:	Sun, 2 Aug 2015 09:51:16 +0200
From:	Richard Weinberger <richard@....at>
To:	Tyler Hicks <tyhicks@...onical.com>
Cc:	ecryptfs@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: [RFC][PATCH] ecryptfs: Allow only one instance per lower path

Am 02.08.2015 um 03:03 schrieb Tyler Hicks:
> Thanks for the report and for the patch, Richard!
> 
> On 2015-07-31 12:23:10, Richard Weinberger wrote:
>> Mounting the same lower path multiple times should not result
>> into multiple ecryptfs instances, otherwise ecryptfs gets confused.
>>
>> A command sequence of:
> 
> An important detail that took me a while to realize is that /tmp should
> be tmpfs in order to trigger the warnings below. I was unable to
> reproduce the warnings with ext4 as the lower filesystem.

Hmm, I saw it with UBIFS found that it triggers with tmpfs too.
I gave ext4 a quick try and yes, it behaves differently, I get
a EIO upon the second unlink().

>> $ mount -t ecryptfs /tmp/.secret /mnt_a/secret/
>> $ mount -t ecryptfs /tmp/.secret /mnt_b/secret/
>> $ mkdir -p /mnt_a/secret/xxx
>> $ mkdir -p /mnt_b/secret/xxx
> 
> Note that the -p option is covering up the fact that /mnt_b/secret/xxx
> already exists. Remove that option and you should see this error:
> 
>   mkdir: cannot create directory ‘/mnt_b/secret/xxx’: File exists
> 
> This really isn't important other than understanding that the second
> mkdir it isn't needed.
> 
>> $ echo foo > /mnt_a/secret/xxx/test.txt
>> $ echo foo > /mnt_b/secret/xxx/test.txt
> 
> /mnt_b/secret/xxx/test.txt should already exist (it does for me, at
> least) so the same file is being written to twice in a row. Again, not
> really important other than to know that it isn't needed.
> 
>> $ rm -rf /mnt_a/secret/xxx
>> $ rm -rf /mnt_b/secret/xxx
> 
> The /mnt_b/secret/xxx dcache entry is stale here because the underlying
> file was removed by the first rm command in the /mnt_a/secret mount. The
> lower inode's nlink is 0 at this point and what should be happening
> here, I think, is that the eCryptfs dentry should be invalidated and the
> eCryptfs inode should be destroyed.
> 
> I think that the proper fix is to catch this condition in
> ecryptfs_d_revalidate(). I've started working on coming up with a patch
> for that but I'll need some more time to finish and test it.

So ecryptfs definitely supports mounting the same lower path multiple times?
What is the benefit of that behavior?

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ