| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Jan 2016 17:10:52 +0100 From: Ignacy Gawędzki <ignacy.gawedzki@...en-communications.fr> To: linux-kernel@...r.kernel.org Subject: [PATCH 0/1] OverlayFS: Fix checking permissions during lookup. Hi, While trying to figure out what exactly is going on with permission checking in OverlayFS, I found a pretty simple way to, so it seems, fix it. The problem I was having is triggered with the following setup: drwxr-xr-x lower/ drwx------ lower/foo/ drw-r--r-- lower/boo/bar drwxr-xr-x upper/ drwxr-xr-x upper/foo/ mounted with lower/ as the lowerdir and upper/ as the upperdir. The issue is that when caches are empty, any user who is not the owner of lower/foo/ and who tries to access foo/bar on the mounted overlay gets EACCES. Once the owner accesses foo/bar, that positive result it cached and other users can access foo/bar as expected. It would be nice if someone could take a look at the patch that follows and give me some feedback. The fix is simple, but a bit intrusive and I wonder whether this is necessarily the way to go. Cheers, Ignacy Ignacy Gawędzki (1): OverlayFS: Fix checking permissions during lookup. fs/namei.c | 21 ++++++++++++++++++++- fs/overlayfs/super.c | 2 +- include/linux/namei.h | 1 + 3 files changed, 22 insertions(+), 2 deletions(-) -- 2.5.0
Powered by blists - more mailing lists