Open Source and information security mailing list archives
 
Message-ID: <alpine.LFD.2.21.1712041049280.1738@tbecker-rhat>
Date:   Mon, 4 Dec 2017 13:39:37 -0200 (-02)
From:   Thiago Rafael Becker <thiago.becker@...il.com>
To:     NeilBrown <neilb@...e.com>
cc:     Thiago Rafael Becker <thiago.becker@...il.com>,
        bfields@...ldses.org, linux-nfs@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3, V2] kernel: Move groups_sort to the caller of
 set_groups.



On Mon, 4 Dec 2017, NeilBrown wrote:

> I think you need to add groups_sort() in a few more places.
> Almost anywhere that calls groups_alloc() should be considered.
> net/sunrpc/svcauth_unix.c, net/sunrpc/auth_gss/svcauth_gss.c,
> fs/nfsd/auth.c definitely need it.

So are any other functions that modify group_info. OK, I think I'll 
implement the type detection below as it helps detect where these 
situations are located.

This may take some time to make sane. I wonder if we shouldn't 
accept the first change suggested to fix the corruption detected in 
auth.unix.gid while I work on a new set of patches. Also, that patch 
doesn't change behavior of set_groups, and is easier to backport if 
distros relying on older kernels need to do so and change behavior. The 
first suggestion is undergoing tests, and so far we didn't detect any 
new corruptions on auth.unix.gid.

> Maybe it could be done with types.

I changed the interfaces on groups_{alloc,sort} to check. There are some 
extra changes needed in groups_from_user and others to make this viable, 
but I like it and I'll try to make it happen.

> Thanks,
> NeilBrown
>

Thanks,
trbecker
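
A userspace sketch of the "done with types" idea discussed in this message, added here as an illustration and not code from the thread or from the kernel: unsorted and sorted group lists get distinct struct types, so a function that relies on sorted order cannot be handed a list that skipped the sort. All type and function names below are hypothetical, and the GID values are constructed sample data.

```c
#include <stdlib.h>

/* Hypothetical model: the wrapper type records whether the list was sorted. */
struct gid_list { int ngroups; unsigned int gid[]; };
struct unsorted_groups { struct gid_list *l; }; /* freshly filled, still private */
struct sorted_groups   { struct gid_list *l; }; /* sorted, safe to search/publish */

static struct unsorted_groups groups_alloc_unsorted(int n)
{
    struct unsorted_groups u =
        { malloc(sizeof(struct gid_list) + n * sizeof(unsigned int)) };
    if (u.l)
        u.l->ngroups = n;
    return u;
}

static int gid_cmp(const void *a, const void *b)
{
    unsigned int x = *(const unsigned int *)a, y = *(const unsigned int *)b;
    return (x > y) - (x < y);
}

/* The only way to obtain a sorted_groups: sort while the caller still owns it. */
static struct sorted_groups groups_sort_private(struct unsorted_groups u)
{
    qsort(u.l->gid, u.l->ngroups, sizeof(unsigned int), gid_cmp);
    return (struct sorted_groups){ u.l };
}

/* Binary search is only correct on sorted input; the parameter type demands it.
 * Passing a struct unsorted_groups here is a compile error, not a runtime bug. */
static int groups_search_sorted(struct sorted_groups s, unsigned int gid)
{
    int lo = 0, hi = s.l->ngroups;
    while (lo < hi) {
        int mid = lo + (hi - lo) / 2;
        if (gid > s.l->gid[mid])      lo = mid + 1;
        else if (gid < s.l->gid[mid]) hi = mid;
        else                          return 1;
    }
    return 0;
}

/* Constructed sample: alloc -> fill -> sort -> search; 1 if found, 0 if not. */
static int demo_lookup(unsigned int gid)
{
    static const unsigned int sample[] = { 1000, 27, 4, 100, 44 };
    struct unsorted_groups u = groups_alloc_unsorted(5);
    if (!u.l)
        return -1;
    for (int i = 0; i < 5; i++)
        u.l->gid[i] = sample[i];
    struct sorted_groups s = groups_sort_private(u);
    int found = groups_search_sorted(s, gid);
    free(s.l);
    return found;
}
```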
