lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181214162744.23sbfyl3rnwkgoie@madcap2.tricolour.ca>
Date:   Fri, 14 Dec 2018 11:27:44 -0500
From:   Richard Guy Briggs <rgb@...hat.com>
To:     Paul Moore <paul@...l-moore.com>
Cc:     linux-fsdevel@...r.kernel.org, viro@...iv.linux.org.uk,
        linux-kernel@...r.kernel.org, linux-audit@...hat.com,
        Eric Paris <eparis@...hat.com>, sgrubb@...hat.com
Subject: Re: [RFC PATCH ghak100 V1 0/2] audit: avoid umount hangs on missing
 mount

On 2018-12-12 08:03, Paul Moore wrote:
> On Fri, Nov 16, 2018 at 12:34 PM Richard Guy Briggs <rgb@...hat.com> wrote:
> > On user and remote filesystems, a forced umount can still hang due to
> > attemting to fetch the fcaps of a mounted filesystem that is no longer
> > available.
> >
> > These two patches take different approaches to address this, one by
> > avoiding the lookup when the MNT_FORCE flag is included, the other by
> > providing a method to filter out auditing specified types of filesystems.
> >
> > This can happen on ceph, cifs, 9p, lustre, fuse (gluster) or NFS.
> >
> > Arguably the better way to address this issue is to disable auditing
> > processes that touch removable filesystems.
> > Please see the github issue tracker
> > https://github.com/linux-audit/audit-kernel/issues/100
> >
> > Richard Guy Briggs (2):
> >   audit: avoid fcaps on MNT_FORCE
> >   audit: moar filter PATH records keyed on filesystem magic
> >
> >  fs/namei.c            |  2 +-
> >  fs/namespace.c        |  3 +++
> >  include/linux/audit.h |  8 ++++++--
> >  kernel/audit.c        |  5 +++--
> >  kernel/audit.h        |  2 +-
> >  kernel/auditsc.c      | 29 ++++++++++++++++++++++++++---
> >  6 files changed, 40 insertions(+), 9 deletions(-)
> 
> Just to get this out of the way, don't use "moar", spell it properly.
> 
> Beyond that, it's not clear to me from your cover letter if you are
> proposing these patches as an "or" or as an "and"; assuming the
> patch(es) are reasonable, do you want us to merge both of these
> patches, or only the one we like the most?

I would like each one to be considered on its own merits.

The second was discussed back when the logs were flooded with "(null)"
PATH records due to debugfs and tracefs noise.  Do you agree with the
general concept or not?

The first is being picked apart (rightfully) due to assumptions and
choices made long ago in the audit system.  So while it is still in far
more flux than the second patch, I think it has the potential to fix the
problem more correctly and permanently but in the process may challenge
our rules about the format and invariability of audit records.  The
basic premise is to prevent audit from trying to get information (fcaps)
from a filesystem that is likely to be far more ephemeral than local
on-disk kernel filesystems or to fail to do so more gracefully.

> paul moore

- RGB

--
Richard Guy Briggs <rgb@...hat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ