| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190716080338.al4cnwdfvdbpzh3r@yavin>
Date: Tue, 16 Jul 2019 18:03:38 +1000
From: Aleksa Sarai <cyphar@...har.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Jeff Layton <jlayton@...nel.org>,
"J. Bruce Fields" <bfields@...ldses.org>,
Arnd Bergmann <arnd@...db.de>,
David Howells <dhowells@...hat.com>,
Shuah Khan <shuah@...nel.org>,
Shuah Khan <skhan@...uxfoundation.org>,
Christian Brauner <christian@...uner.io>,
David Drysdale <drysdale@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Eric Biederman <ebiederm@...ssion.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexei Starovoitov <ast@...nel.org>,
Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>, Tycho Andersen <tycho@...ho.ws>,
Chanho Min <chanho.min@....com>,
Oleg Nesterov <oleg@...hat.com>, Aleksa Sarai <asarai@...e.de>,
containers@...ts.linux-foundation.org, linux-alpha@...r.kernel.org,
linux-api@...r.kernel.org, linux-arch@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-fsdevel@...r.kernel.org, linux-ia64@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org,
linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-s390@...r.kernel.org, linux-sh@...r.kernel.org,
linux-xtensa@...ux-xtensa.org, sparclinux@...r.kernel.org,
rgb@...hat.com, paul@...l-moore.com, raven@...maw.net,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Subject: Re: [PATCH v9 05/10] namei: O_BENEATH-style path resolution flags
On 2019-07-14, Al Viro <viro@...iv.linux.org.uk> wrote:
> On Sat, Jul 13, 2019 at 03:41:53AM +0100, Al Viro wrote:
> > On Fri, Jul 12, 2019 at 04:00:26PM +0100, Al Viro wrote:
> > > On Fri, Jul 12, 2019 at 02:25:53PM +0100, Al Viro wrote:
> > >
> > > > if (flags & LOOKUP_BENEATH) {
> > > > nd->root = nd->path;
> > > > if (!(flags & LOOKUP_RCU))
> > > > path_get(&nd->root);
> > > > else
> > > > nd->root_seq = nd->seq;
> > >
> > > BTW, this assignment is needed for LOOKUP_RCU case. Without it
> > > you are pretty much guaranteed that lazy pathwalk will fail,
> > > when it comes to complete_walk().
> > >
> > > Speaking of which, what would happen if LOOKUP_ROOT/LOOKUP_BENEATH
> > > combination would someday get passed?
> >
> > I don't understand what's going on with ->r_seq in there - your
> > call of path_is_under() is after having (re-)sampled rename_lock,
> > but if that was the only .. in there, who's going to recheck
> > the value? For that matter, what's to guarantee that the thing
> > won't get moved just as you are returning from handle_dots()?
> >
> > IOW, what does LOOKUP_IN_ROOT guarantee for caller (openat2())?
>
> Sigh... Usual effects of trying to document things:
>
> 1) LOOKUP_NO_EVAL looks bogus. It had been introduced by commit 57d4657716ac
> (audit: ignore fcaps on umount) and AFAICS it's crap. It is set in
> ksys_umount() and nowhere else. It's ignored by everything except
> filename_mountpoint(). The thing is, call graph for filename_mountpoint()
> is
> filename_mountpoint()
> <- user_path_mountpoint_at()
> <- ksys_umount()
> <- kern_path_mountpoint()
> <- autofs_dev_ioctl_ismountpoint()
> <- find_autofs_mount()
> <- autofs_dev_ioctl_open_mountpoint()
> <- autofs_dev_ioctl_requester()
> <- autofs_dev_ioctl_ismountpoint()
> In other words, that flag is basically "was filename_mountpoint()
> been called by umount(2) or has it come from an autofs ioctl?".
> And looking at the rationale in that commit, autofs ioctls need
> it just as much as umount(2) does. Why is it not set for those
> as well? And why is it conditional at all?
In addition, LOOKUP_NO_EVAL == LOOKUP_OPEN (0x100). Is that meant to be
the case? Also I just saw you have a patch in work.namei that fixes this
up -- do you want me to rebase on top of that?
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists