lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190110145559.relfx37ocq5xu4by@isilmar-4.linta.de>
Date:   Thu, 10 Jan 2019 15:55:59 +0100
From:   Dominik Brodowski <linux@...inikbrodowski.net>
To:     Christian Brauner <christian@...uner.io>
Cc:     akpm@...ux-foundation.org, keescook@...omium.org,
        linux-kernel@...r.kernel.org, ebiederm@...ssion.com,
        mcgrof@...nel.org, joe.lawrence@...hat.com, longman@...hat.com,
        viro@...iv.linux.org.uk, adobriyan@...il.com,
        linux-api@...r.kernel.org
Subject: Re: [RESEND PATCH v3 2/2] sysctl: handle overflow for file-max

On Thu, Jan 10, 2019 at 03:50:05PM +0100, Christian Brauner wrote:
> On Tue, Jan 08, 2019 at 08:01:10AM +0100, Dominik Brodowski wrote:
> > On Mon, Jan 07, 2019 at 11:27:00PM +0100, Christian Brauner wrote:
> > > @@ -2833,6 +2836,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
> > >  				break;
> > >  			if (neg)
> > >  				continue;
> > > +			if ((max && val > *max) || (min && val < *min)) {
> > > +				err = -EINVAL;
> > > +				break;
> > > +			}
> > >  			val = convmul * val / convdiv;
> > >  			if ((min && val < *min) || (max && val > *max))
> > >  				continue;
> > 
> > This is a generic change which affects all users of
> > do_proc_doulongvec_minmax() that have extra1 or extra2 set. In sysctl.c, I
> > do not see another user of proc_doulongvec_minmax() that has extra1 or
> > extra2 set. However, have you verified whether your patch changes the
> > behaviour for other files that make use of proc_doulongvec_minmax() or
> > proc_doulongvec_ms_jiffies_minmax(), and not only of the file-max sysctl?
> 
> Sorry for the delayed reply. I did look at the callers. The functions
> that are of interest afaict are:
> 
> proc_doulongvec_ms_jiffies_minmax
> proc_doulongvec_minmax
> 
> So this could be visible when users write values that would overflow the
> type used in the kernel.
>
> I guess your point is whether we are venturing into userspace break
> territory. Hm... We should probably make sure that we're not regressing
> anyone else! What do you think if instead of the above patch we did:

Hm, I prefer the original patch -- as the same (valid) reasons which apply
for the file-max sysctl might also apply to other users of this function
where extra1 and/or2 extra2 are set.

If there are no other users of this function where extra1 or extra2 are set,
just add a comment in the commit message:

	While this changes the behaviour of __do_proc_doulongvec_minmax(),
	no other existing users in the kernel are affected by this change.

If there are other users of this function where extra1 or extra2 are set,
you would need to generalize the commit message overall.

Thanks,
	Dominik

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ