lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 9 Sep 2018 15:54:19 -0600 (Mountain Daylight Time)
From:   Marc Aurele La France <tsi@...oix.net>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org,
        Andreas Gruenbacher <agruenba@...hat.com>
Subject: sysfs:  Do not return POSIX ACL xattrs via listxattr()

Greetings.

Commit 786534b92f3ce68f4afc8a761c80b76887797b0a "tmpfs: listxattr
should include POSIX ACL xattrs", which first appeared in 4.5 kernels,
introduced a regression whereby listxattr() syscalls on anything in
sysfs, or its mountpoint, return the name of the two POSIX ACL xattrs,
but attempts to retrieve these values are denied with EOPNOTSUP.  For
example ...

        # getfattr -d --match=- /sys
        /sys: system.posix_acl_access: Operation not supported
        /sys: system.posix_acl_default: Operation not supported
        #

This inconsistent behaviour confuses rsync(1) (among others) when it
runs into a sysfs mountpoint, even when told to not descend into it.
This issue occurs because simple_xattr_list() does not correctly deal
with cached ACLs.

The suggested fix below was developed with a 4.18.7 kernel, but should
apply, modulo patch fuzz, to any kernel >= 4.7.  A fix for 4.5 <=
kernels < 4.7 is trivially different, but I won't bother given such
kernels are no longer maintained.

Note that the only other simple_xattr_list() caller, shmem, avoids
this glitch by previously calling cache_no_acl() on all inodes it
creates, so perhaps sysfs/kernfs should do the same.

Please Reply-To-All.

Thanks and have a great day.

Marc.

Signed-off-by: Marc Aurèle La France <tsi@...oix.net>

--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -949,13 +949,13 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
 	int err = 0;

 #ifdef CONFIG_FS_POSIX_ACL
-	if (inode->i_acl) {
+	if (inode->i_acl && !is_uncached_acl(inode->i_acl)) {
 		err = xattr_list_one(&buffer, &remaining_size,
 				     XATTR_NAME_POSIX_ACL_ACCESS);
 		if (err)
 			return err;
 	}
-	if (inode->i_default_acl) {
+	if (inode->i_default_acl && !is_uncached_acl(inode->i_default_acl)) {
 		err = xattr_list_one(&buffer, &remaining_size,
 				     XATTR_NAME_POSIX_ACL_DEFAULT);
 		if (err)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ