| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Oct 2019 08:42:24 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Miklos Szeredi <mszeredi@...hat.com>
Cc: linux-unionfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 0/5] allow unprivileged overlay mounts
Miklos Szeredi <mszeredi@...hat.com> writes:
> Hi Eric,
>
> Can you please have a look at this patchset?
>
> The most interesting one is the last oneliner adding FS_USERNS_MOUNT;
> whether I'm correct in stating that this isn't going to introduce any
> holes, or not...
I will take some time and dig through this.
>From a robustness standpoint I worry about the stackable filesystem
side. As that is uniquely an attack vector with overlayfs.
There is definitely demand for this.
> Thanks,
> Miklos
>
> ---
> Miklos Szeredi (5):
> ovl: document permission model
> ovl: ignore failure to copy up unknown xattrs
> vfs: allow unprivileged whiteout creation
> ovl: user xattr
> ovl: unprivieged mounts
>
> Documentation/filesystems/overlayfs.txt | 44 +++++++++++++
> fs/char_dev.c | 3 +
> fs/namei.c | 17 ++---
> fs/overlayfs/copy_up.c | 34 +++++++---
> fs/overlayfs/dir.c | 2 +-
> fs/overlayfs/export.c | 2 +-
> fs/overlayfs/inode.c | 39 ++++++------
> fs/overlayfs/namei.c | 56 +++++++++--------
> fs/overlayfs/overlayfs.h | 81 +++++++++++++++---------
> fs/overlayfs/ovl_entry.h | 1 +
> fs/overlayfs/readdir.c | 5 +-
> fs/overlayfs/super.c | 53 +++++++++++-----
> fs/overlayfs/util.c | 82 +++++++++++++++++++++----
> include/linux/device_cgroup.h | 3 +
> 14 files changed, 298 insertions(+), 124 deletions(-)
Eric
Powered by blists - more mailing lists