| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160527193741.GR14480@ZenIV.linux.org.uk> Date: Fri, 27 May 2016 20:37:41 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Casey Schaufler <casey@...aufler-ca.com> Cc: Seung-Woo Kim <sw0312.kim@...sung.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, jh80.chung@...gmsung.com, cw00.choi@...sung.com, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [BUG] Panic when systemd boot do mkdir on tmpfs mounted path with smack enabled environment On Fri, May 27, 2016 at 12:03:37PM -0700, Casey Schaufler wrote: > I haven't actually seen the problem, but I've been having > real trouble getting a systemd configuration working properly. > The quickest validation will probably be coming from Seung-Woo Kim, > who reported the issue initially. I am working to verify both the > problem and the fix. To trigger it you need to end up in smack_d_instantiate() for a directory that had SMK_INODE_CHANGED set in smack_inode_init_security(). IOW, smk_inode_transmutable() being true for its parent and smk_access_entry() for that parent returning something with MAY_TRANSMUTE in it. I'm not familiar enough with smack guts to put together a reproducer, but *ANY* call of ->setxattr() from smack_d_instantiate() on xattr-supporting filesystem will blow up in the mainline. At that point dentry still has NULL ->d_inode, so ->setxattr() instances are going to oops as soon as they try to do anything with the inode. All it takes is getting to that method call.
Powered by blists - more mailing lists