lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56B24F95.9040702@codeaurora.org>
Date:	Wed, 03 Feb 2016 11:05:57 -0800
From:	Nikhilesh Reddy <reddyn@...eaurora.org>
To:	Jann Horn <jann@...jh.net>
CC:	torvalds@...ux-foundation.org, Miklos Szeredi <miklos@...redi.hu>,
	fuse-devel <fuse-devel@...ts.sourceforge.net>,
	linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
	gregkh@...uxfoundation.org, linux-fsdevel@...r.kernel.org,
	viro@...iv.linux.org.uk, Richard Weinberger <richard@....at>,
	Theodore Ts'o <tytso@....edu>, jack@...e.cz,
	Antonio SJ Musumeci <trapexit@...wn.link>, sven.utcke@....de,
	Nikolaus Rath <nikolaus@...h.org>,
	Jann Horn <jannhorn@...glemail.com>,
	Mike Shal <marfey@...il.com>
Subject: Re: [PATCH v5] fuse: Add support for passthrough read/write

Hi
Thanks for your review again :)
>
> Uh... how do you know at this point that the file is actually writable?
> Normally, e.g. vfs_write() will ensure that the file is writable, and
> e.g. generic_file_write_iter() won't check for writability as far as I
> can tell. This might allow someone to use the passthrough mechanism to
> overwrite a file he is only allowed to read, but not write, like
> /etc/passwd.

I considered adding the checks ( the same ones that VFS does)  but not 
sure if we need to.
So the user will need to construct a fuse filesystem ( that opens for 
O_READONLY even though the user asks for a O_RDWR from the FUSE open) 
and then mount it , with CAP_SYS_ADMIN  for which you need to be root 
but  once he has that he should be able to easily get to the files 
without needing to go through FUSE  right using CAP_DAC_OVERRIDE?

Am i missing something? Please do help me understand.

But yes if really needed I can add additional checks once i understand it


>
> Also, I think this might bypass mandatory locks, the
> security_file_permission hook (which seems like a bad idea anyway
> though), inotify/fsnotify and sb_start_write.
>
Can you please elaborate/clarify further? I am am not sure what you mean.


Again thanks for your reviews :)
Appreciate your help
-- 
Thanks
Nikhilesh Reddy

Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ