Message-ID: <20180712223223.GA28610@thunk.org>
Date: Thu, 12 Jul 2018 18:32:23 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: David Howells <dhowells@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Lutomirski <luto@...nel.org>,
Al Viro <viro@...iv.linux.org.uk>,
Linux API <linux-api@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jann Horn <jannh@...gle.com>
Subject: Re: [PATCH 24/32] vfs: syscall: Add fsopen() to prepare for
superblock creation [ver #9]

On Thu, Jul 12, 2018 at 10:26:37PM +0100, David Howells wrote:
> The problem is that there's more than one actual "open" involved.
>
> fd = fsopen("ext4"); <--- #1
> whatever_interface(fd, "s /dev/sda1");
> whatever_interface(fd, "o journal_path=/dev/sda2");
> do_the_create_thing(fd); <--- #2 and #3
>
> The initial check to see whether you can mount or not is done at #1.
>
> But later there are two nested file opens. Internally, deep down inside the
> block layer, /dev/sda1 and /dev/sda2 are opened and further permissions checks
> are done, whether you like it or not. But these have no access to the creds
> attached to fd as things currently stand.

So maybe the answer is that you open /dev/sda1 and /dev/sda2 and then
pass the file descriptors to the fsopen object? We can require that
the fd's be opened with O_RDWR and O_EXCL, which has the benefit where
if you have multiple block devices, you know *which* block device had
a problem with being grabbed for an exclusive open.

Just a thought.

- Ted
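
The userspace half of the suggestion above, as an added example that is not part of the original message and not kernel or fsopen() code: each block device is opened with O_RDWR and O_EXCL by the caller, so permission checks run against the caller's own credentials and a failed exclusive grab is attributed to a specific device. The helper name `grab_devices` and its return convention are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. Opens paths[0..n-1] with O_RDWR|O_EXCL. On Linux,
 * O_EXCL without O_CREAT on a block device fails with EBUSY when the device
 * is already in use (for example, mounted). Returns -1 when every open
 * succeeds (fds[] is filled in); otherwise returns the index of the device
 * that failed, stores the reason in *err and closes the fds opened so far. */
int grab_devices(const char *const paths[], int n, int fds[], int *err)
{
    for (int i = 0; i < n; i++) {
        struct stat st;
        int e = 0;
        int fd = open(paths[i], O_RDWR | O_EXCL);

        if (fd < 0)
            e = errno;
        else if (fstat(fd, &st) < 0)
            e = errno;
        else if (!S_ISBLK(st.st_mode))
            e = ENOTBLK;            /* judge the opened object, not the path */

        if (e) {
            if (fd >= 0)
                close(fd);
            for (int j = 0; j < i; j++)
                close(fds[j]);      /* release earlier exclusive grabs */
            *err = e;
            return i;
        }
        fds[i] = fd;
    }
    return -1;
}

int main(int argc, char **argv)
{
    int fds[16], err = 0, n = argc - 1 > 16 ? 16 : argc - 1;
    int bad = grab_devices((const char *const *)(argv + 1), n, fds, &err);

    if (bad >= 0) {
        fprintf(stderr, "%s: %s\n", argv[bad + 1], strerror(err));
        return 1;
    }
    /* fds[] is what would be handed to the fsopen object in the proposal. */
    for (int i = 0; i < n; i++)
        close(fds[i]);
    return 0;
}
```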