| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Oct 2018 18:54:09 +0200
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: Andrew Morton <akpm@...ux-foundation.org>,
Alexey Dobriyan <adobriyan@...il.com>
Cc: David Howells <dhowells@...hat.com>,
Al Viro <viro@...iv.linux.org.uk>,
Florian Westphal <fw@...len.de>, linux-kernel@...r.kernel.org,
kernel@...gutronix.de
Subject: Re: [PATCH RFC] proc: Don't retain negative dentries
On 10/8/18 6:50 PM, Ahmad Fatoum wrote:
> The referenced commit 1da4d377f94 ("proc: revalidate misc dentries")
> caused following userspace code to access a stale /proc/net/dev
> after the network namespace was changed:
>
> system("ip netns add testns");
>
> printf("default:\n"); {
> int devinfd = open("/proc/net/dev", O_RDONLY);
> sendfile(STDOUT_FILENO, devinfd, NULL, 4096);
> close(devinfd);
> }
>
> printf("testns:\n"); {
> int ns_fd = open("/var/run/netns/testns", O_RDONLY);
> setns(ns_fd, 0);
>
> int devinfd = open("/proc/net/dev", O_RDONLY);
> sendfile(STDOUT_FILENO, devinfd, NULL, 4096);
> close(devinfd);
>
> close(ns_fd);
> }
>
> Despite switching the network namespace, the read access from the
> newly opened file gave back what the very first read in the default
> network namespace returned.
>
> This doesn't occur if /proc/net/dev is opened within a new process,
> which might explain why this wasn't noticed previously.
>
> As I don't see a reason why one would keep negative dentries for procfs
> at all, amend the code not to do this anymore.
>
> Fixes: 1da4d377f94 ("proc: Don't retain negative dentries")
This should read
Fixes: 1da4d377f94 ("proc: revalidate misc dentries")
instead...
Powered by blists - more mailing lists