lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 6 Dec 2017 14:27:04 -0500
From:   "J. Bruce Fields" <bfields@...ldses.org>
To:     Thiago Rafael Becker <thiago.becker@...il.com>
Cc:     neilb@...e.com, linux-nfs@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3 v3] Move groups_sort outisde of set_groups

ACK to these patches from me.  I'm not sure who should pick them up....

--b.

On Tue, Dec 05, 2017 at 12:05:09PM -0200, Thiago Rafael Becker wrote:
> In cases where group_info is cached (e.g. sunrpc), multiplpe
> threads may call set_groups with a freshly created group_info
> cache (e.g. nfsd), and attempt to sort them simultaneously,
> which configures a race condition that can overwrite some
> groups in the cache and lead to errors. In the case of nfsd,
> the client was receiving EPERM if the group used to provide
> authorization was overwritten by this race condition.
> 
> In an email exchange with bfields, we agreed that it seems
> unintuitive that the groups are sorted on set_groups, and that
> it would be better to move the responsibility of sorting to
> the caller of set_groups.
> 
> These patches:
>  - Export groups_sort in include/linux/cred.h
>  - Add a call to groups_sort after the groups are inserted in
>    group_info
>  - Remove the call to sort_groups from set_groups
> 
> Thiago Rafael Becker (3):
>   kernel: make groups_sort globally visible
>   kernel: Move groups_sort to the caller of set_groups.
>   kernel: set_groups doesn't call groups_sort anymore.
> 
>  include/linux/cred.h      | 1 +
>  kernel/groups.c           | 6 ++++--
>  kernel/uid16.c            | 1 +
>  net/sunrpc/svcauth_unix.c | 7 +++++++
>  4 files changed, 13 insertions(+), 2 deletions(-)
> 
> -- 
> 2.9.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ