[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190115000046.GR27534@dastard>
Date: Tue, 15 Jan 2019 11:00:46 +1100
From: Dave Chinner <david@...morbit.com>
To: Jann Horn <jannh@...gle.com>
Cc: Richard Henderson <rth@...ddle.net>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
Matt Turner <mattst88@...il.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
linux-fsdevel@...r.kernel.org,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Theodore Ts'o <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>,
linux-alpha@...r.kernel.org, linux-kernel@...r.kernel.org,
Pavel Machek <pavel@....cz>
Subject: Re: [PATCH v3 1/2] fs: don't let getdents return bogus names
On Mon, Jan 14, 2019 at 07:23:17PM +0100, Jann Horn wrote:
> When you e.g. run `find` on a directory for which getdents returns
> "filenames" that contain slashes, `find` passes those "filenames" back to
> the kernel, which then interprets them as paths. That could conceivably
> cause userspace to do something bad when accessing something like an
> untrusted USB stick, but I'm not aware of any specific example.
>
> Instead of returning bogus filenames to userspace, return -EUCLEAN.
Please don't use EUCLEAN directly to indicate filesystem corruption
directly. If we want to indicate that the filesystem is corrupted,
please hoist the multiple XFS/ext4 definitions of:
#define EFSCORRUPTED EUCLEAN
up into include/uapi/asm-generic/errno.h and then use EFSCORRUPTED
in all the places where we want to indicate to userspace that the
filesystem is corrupted. That tells both the code reader and the
userspace developers that it's a corruption error and puts context
to the "structure needs cleaning" text that goes along with it...
Cheers,
Dave.
--
Dave Chinner
david@...morbit.com
Powered by blists - more mailing lists