| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Oct 2018 08:16:41 -0700
From: Tycho Andersen <tycho@...ho.ws>
To: Laurent Vivier <laurent@...ier.eu>
Cc: linux-kernel@...r.kernel.org, Dmitry Safonov <dima@...sta.com>,
linux-api@...r.kernel.org, containers@...ts.linux-foundation.org,
Jann Horn <jannh@...gle.com>,
James Bottomley <James.Bottomley@...senPartnership.com>,
Eric Biederman <ebiederm@...ssion.com>,
linux-fsdevel@...r.kernel.org,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [RFC v5 1/1] ns: add binfmt_misc to the user namespace
On Tue, Oct 09, 2018 at 12:37:52PM +0200, Laurent Vivier wrote:
> @@ -80,18 +74,32 @@ static int entry_count;
> */
> #define MAX_REGISTER_LENGTH 1920
>
> +static struct binfmt_namespace *binfmt_ns(struct user_namespace *ns)
> +{
> + struct binfmt_namespace *b_ns;
> +
> + while (ns) {
> + b_ns = READ_ONCE(ns->binfmt_ns);
> + if (b_ns)
> + return b_ns;
> + ns = ns->parent;
> + }
> + WARN_ON_ONCE(1);
It looks like we warn here,
> @@ -133,17 +141,18 @@ static int load_misc_binary(struct linux_binprm *bprm)
> struct file *interp_file = NULL;
> int retval;
> int fd_binary = -1;
> + struct binfmt_namespace *ns = binfmt_ns(current_user_ns());
>
> retval = -ENOEXEC;
> - if (!enabled)
> + if (!ns->enabled)
...but then in cases like this we immediately dereference the pointer
anyways and crash. Can we return some other error code here in the !ns
case so we don't crash?
Tycho
Powered by blists - more mailing lists