lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 31 Oct 2017 18:46:32 -0500
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Christian Brauner <christian.brauner@...ntu.com>
Cc:     linux-kernel@...r.kernel.org, serge@...lyn.com, tycho@...ho.ws,
        Linux Containers <containers@...ts.linux-foundation.org>
Subject: [PATCH 0/5] userns: bump idmap limits, fixes & tweaks


Christian I have looked through your code and I have found one real
issue and of things I want to twak

The real issue is reading nr_extents multiple times when reading a map.
That can introduce races that will allow walking past the end of the
array, if the first read is 0 but the second read is > 5.

I have also found a couple of tweaks that look like they are worth
implementing.

As all of these are very small and very straight forward I have
tested these and applied them all to my for-next branch


Eric W. Biederman (5):
      userns: Don't special case a count of 0
      userns: Simplify the user and group mapping functions
      userns: Don't read extents twice in m_start
      userns: Make map_id_down a wrapper for map_id_range_down
      userns: Simplify insert_extent

 kernel/user_namespace.c | 159 ++++++++++++++++--------------------------------
 1 file changed, 51 insertions(+), 108 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ