lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <011efbc0-39fe-76f2-2325-3252680228d0@pengutronix.de>
Date:   Mon, 8 Oct 2018 18:54:09 +0200
From:   Ahmad Fatoum <a.fatoum@...gutronix.de>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Alexey Dobriyan <adobriyan@...il.com>
Cc:     David Howells <dhowells@...hat.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        Florian Westphal <fw@...len.de>, linux-kernel@...r.kernel.org,
        kernel@...gutronix.de
Subject: Re: [PATCH RFC] proc: Don't retain negative dentries

On 10/8/18 6:50 PM, Ahmad Fatoum wrote:
> The referenced commit 1da4d377f94 ("proc: revalidate misc dentries")
> caused following userspace code to access a stale /proc/net/dev
> after the network namespace was changed:
> 
>     system("ip netns add testns");
> 
>     printf("default:\n"); {
>         int devinfd = open("/proc/net/dev", O_RDONLY);
>         sendfile(STDOUT_FILENO, devinfd, NULL, 4096);
>         close(devinfd);
>     }
> 
>     printf("testns:\n"); {
>         int ns_fd = open("/var/run/netns/testns", O_RDONLY);
>         setns(ns_fd, 0);
> 
>         int devinfd = open("/proc/net/dev", O_RDONLY);
>         sendfile(STDOUT_FILENO, devinfd, NULL, 4096);
>         close(devinfd);
> 
>         close(ns_fd);
>     }
> 
> Despite switching the network namespace, the read access from the
> newly opened file gave back what the very first read in the default
> network namespace returned.
> 
> This doesn't occur if /proc/net/dev is opened within a new process,
> which might explain why this wasn't noticed previously.
> 
> As I don't see a reason why one would keep negative dentries for procfs
> at all, amend the code not to do this anymore.
> 
> Fixes: 1da4d377f94 ("proc: Don't retain negative dentries")

This should read

Fixes: 1da4d377f94 ("proc: revalidate misc dentries") 

instead...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ