| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <14347.1559127657@warthog.procyon.org.uk>
Date: Wed, 29 May 2019 12:00:57 +0100
From: David Howells <dhowells@...hat.com>
To: Jann Horn <jannh@...gle.com>, casey@...aufler-ca.com
Cc: dhowells@...hat.com, Al Viro <viro@...iv.linux.org.uk>,
raven@...maw.net, linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
linux-block@...r.kernel.org, keyrings@...r.kernel.org,
linux-security-module <linux-security-module@...r.kernel.org>,
kernel list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/7] vfs: Add a mount-notification facility
Jann Horn <jannh@...gle.com> wrote:
> > +void post_mount_notification(struct mount *changed,
> > + struct mount_notification *notify)
> > +{
> > + const struct cred *cred = current_cred();
>
> This current_cred() looks bogus to me. Can't mount topology changes
> come from all sorts of places? For example, umount_mnt() from
> umount_tree() from dissolve_on_fput() from __fput(), which could
> happen pretty much anywhere depending on where the last reference gets
> dropped?
IIRC, that's what Casey argued is the right thing to do from a security PoV.
Casey?
Maybe I should pass in NULL creds in the case that an event is being generated
because an object is being destroyed due to the last usage[*] being removed.
[*] Usage, not ref - Superblocks are a bit weird in their accounting.
David
Powered by blists - more mailing lists