| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190717030258.GT17978@ZenIV.linux.org.uk>
Date: Wed, 17 Jul 2019 04:02:58 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Rich Felker <dalias@...c.org>
Cc: Palmer Dabbelt <palmer@...ive.com>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>, rth@...ddle.net,
ink@...assic.park.msu.ru, mattst88@...il.com,
linux@...linux.org.uk, catalin.marinas@....com, will@...nel.org,
tony.luck@...el.com, fenghua.yu@...el.com, geert@...ux-m68k.org,
monstr@...str.eu, ralf@...ux-mips.org, paul.burton@...s.com,
jhogan@...nel.org, James.Bottomley@...senpartnership.com,
deller@....de, benh@...nel.crashing.org, paulus@...ba.org,
mpe@...erman.id.au, heiko.carstens@...ibm.com, gor@...ux.ibm.com,
borntraeger@...ibm.com, ysato@...rs.sourceforge.jp,
davem@...emloft.net, luto@...nel.org, tglx@...utronix.de,
mingo@...hat.com, bp@...en8.de, hpa@...or.com, x86@...nel.org,
peterz@...radead.org, acme@...nel.org,
alexander.shishkin@...ux.intel.com, jolsa@...hat.com,
namhyung@...nel.org, dhowells@...hat.com, firoz.khan@...aro.org,
stefan@...er.ch, schwidefsky@...ibm.com, axboe@...nel.dk,
christian@...uner.io, hare@...e.com, deepa.kernel@...il.com,
tycho@...ho.ws, kim.phillips@....com, linux-alpha@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-ia64@...r.kernel.org,
linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org,
linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-s390@...r.kernel.org, linux-sh@...r.kernel.org,
sparclinux@...r.kernel.org, linux-arch@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH v2 2/4] Add fchmodat4(), a new syscall
On Tue, Jul 16, 2019 at 10:40:46PM -0400, Rich Felker wrote:
> On Tue, Jul 16, 2019 at 06:27:17PM -0700, Palmer Dabbelt wrote:
> > man 3p says that fchmodat() takes a flags argument, but the Linux
> > syscall does not. There doesn't appear to be a good userspace
> > workaround for this issue but the implementation in the kernel is pretty
> > straight-forward. The specific use case where the missing flags came up
> > was WRT a fuse filesystem implemenation, but the functionality is pretty
> > generic so I'm assuming there would be other use cases.
>
> Note that we do have a workaround in musl libc with O_PATH and
> /proc/self/fd, but a syscall that allows a proper fix with the ugly
> workaround only in the fallback path for old kernels will be much
> appreciated!
>
> What about also doing a new SYS_faccessat4 with working AT_EACCESS
> flag? The workaround we have to do for it is far worse.
Umm... That's doable, but getting into the "don't switch creds unless
needed" territory. I'll need to play with that a bit and see what
gives a tolerable variant...
What of this part wrt AT_EACCESS?
if (!issecure(SECURE_NO_SETUID_FIXUP)) {
/* Clear the capabilities if we switch to a non-root user */
kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
if (!uid_eq(override_cred->uid, root_uid))
cap_clear(override_cred->cap_effective);
else
override_cred->cap_effective =
override_cred->cap_permitted;
}
Powered by blists - more mailing lists