| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180511024234.GA30522@ZenIV.linux.org.uk>
Date: Fri, 11 May 2018 03:42:35 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc: linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
sandeen@...deen.net, darrick.wong@...cle.com, dhowells@...hat.com,
tytso@....edu, fliu@...e.com, jack@...e.cz, jeffm@...e.com,
nborisov@...e.com, jake.norris@...e.com, mtk.manpages@...il.com,
linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] vfs: skip extra attributes check on removal for symlinks
On Thu, May 10, 2018 at 11:05:51PM +0000, Luis R. Rodriguez wrote:
> On Thu, May 10, 2018 at 09:48:07PM +0100, Al Viro wrote:
> > On Thu, Apr 26, 2018 at 04:46:39PM -0700, Luis R. Rodriguez wrote:
> >
> > > Since we cannot set these attributes we should special-case the
> > > immutable/append on delete for symlinks, this would be consistent with
> > > what we *do* allow on Linux for all filesystems.
> >
> > Er... So why not simply sanity-check it in places that set it on
> > inodes?
>
> The patch is not about sanity-checks on setters though as *that* is in place
> already. Its about the case where the filesystem gets corrupted and the VFS
> *still* does process these attributes for symlinks and still prevents
> deletion because of these attributes.
... and this corrupted fs ends up setting those flags on in-core inodes.
Which is where we ought to block that. Seriously, let's make sure that
->i_flags manipulations are done by inode_set_flags() (e.g. btrfs open-codes
that, apparently) and let's make _that_ check and reject those.
Powered by blists - more mailing lists