[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20180729113755.GB7333@amd>
Date: Sun, 29 Jul 2018 13:37:55 +0200
From: Pavel Machek <pavel@....cz>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: Jann Horn <jannh@...gle.com>, Richard Henderson <rth@...ddle.net>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
Matt Turner <mattst88@...il.com>,
linux-fsdevel@...r.kernel.org,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Theodore Ts'o <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>,
linux-alpha@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fs: don't let getdents return bogus names
On Mon 2018-07-16 20:56:57, Al Viro wrote:
> On Mon, Jul 16, 2018 at 09:48:43PM +0200, Jann Horn wrote:
> > When you e.g. run `find` on a directory for which getdents returns
> > "filenames" that contain slashes, `find` passes those "filenames" back to
> > the kernel, which then interprets them as paths. That could conceivably
> > cause userspace to do something bad when accessing something like an
> > untrusted USB stick, but I'm not aware of any specific example.
> >
> > Instead of returning bogus filenames to userspace, return -EUCLEAN.
>
> Because there's such a lot of userland code that expect and handles that
> error value...
>
> I'm not sure if this mitigation is actually better than "just return it
> as-is", TBH.
Well, userspace should handle errors.. it may not understand what this
particular error means, but that's still better than risking issues
with / in path....
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists