lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 May 2018 03:42:35 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: "Luis R. Rodriguez" <mcgrof@...nel.org> Cc: linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org, sandeen@...deen.net, darrick.wong@...cle.com, dhowells@...hat.com, tytso@....edu, fliu@...e.com, jack@...e.cz, jeffm@...e.com, nborisov@...e.com, jake.norris@...e.com, mtk.manpages@...il.com, linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC] vfs: skip extra attributes check on removal for symlinks On Thu, May 10, 2018 at 11:05:51PM +0000, Luis R. Rodriguez wrote: > On Thu, May 10, 2018 at 09:48:07PM +0100, Al Viro wrote: > > On Thu, Apr 26, 2018 at 04:46:39PM -0700, Luis R. Rodriguez wrote: > > > > > Since we cannot set these attributes we should special-case the > > > immutable/append on delete for symlinks, this would be consistent with > > > what we *do* allow on Linux for all filesystems. > > > > Er... So why not simply sanity-check it in places that set it on > > inodes? > > The patch is not about sanity-checks on setters though as *that* is in place > already. Its about the case where the filesystem gets corrupted and the VFS > *still* does process these attributes for symlinks and still prevents > deletion because of these attributes. ... and this corrupted fs ends up setting those flags on in-core inodes. Which is where we ought to block that. Seriously, let's make sure that ->i_flags manipulations are done by inode_set_flags() (e.g. btrfs open-codes that, apparently) and let's make _that_ check and reject those.
Powered by blists - more mailing lists