| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2017 13:39:37 -0200 (-02)
From: Thiago Rafael Becker <thiago.becker@...il.com>
To: NeilBrown <neilb@...e.com>
cc: Thiago Rafael Becker <thiago.becker@...il.com>,
bfields@...ldses.org, linux-nfs@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3, V2] kernel: Move groups_sort to the caller of
set_groups.
On Mon, 4 Dec 2017, NeilBrown wrote:
> I think you need to add groups_sort() in a few more places.
> Almost anywhere that calls groups_alloc() should be considered.
> net/sunrpc/svcauth_unix.c, net/sunrpc/auth_gss/svcauth_gss.c,
> fs/nfsd/auth.c definitely need it.
So are any other functions that modify group_info. OK, I think I'll
implement the type detection below as it helps detecting where these
situations are located.
This may take some time to make sane. I wonder if we shouldn't
accept the first change suggested to fix the corruption detected in
auth.unix.gid while I work on a new set of patches. Also, that patch
doesn't change behavior of set_groups, and is easier to backport if
distros relying on older kernels need to do so and change behavior. The
first suggestion is undergoing tests, and so far we didn't detect any
new corruptions on auth.unix.gid.
> Maybe it could be done with types.
I changed the interfaces on groups_{alloc,sort} to check. There are some
extra changes needed in groups_from_user and others to make this viable,
but I like it and I'll try to make it happen.
> Thanks,
> NeilBrown
>
Thanks,
trbecker
Powered by blists - more mailing lists