lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 1 Jan 2020 18:08:46 -0500
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Arvind Sankar <nivedita@...m.mit.edu>,
        Dominik Brodowski <linux@...inikbrodowski.net>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        youling 257 <youling257@...il.com>
Subject: Re: [PATCH] early init: open /dev/console with O_LARGEFILE

On Wed, Jan 01, 2020 at 03:01:12PM -0800, Linus Torvalds wrote:
> On Wed, Jan 1, 2020 at 2:50 PM Arvind Sankar <nivedita@...m.mit.edu> wrote:
> >
> > Shouldn't that only affect init though? The getty's it spawns should be
> > in their own sessions.
> 
> They *should* be in their own sessions, and clearly this problem
> doesn't seem to really affect much anybody else.
> 
> But I think youling has some limited and/or odd init userspace, and I
> think it gets confused.
> 
> So my theory is that because of the file descriptor leak, that "forget
> the old controlling tty" doesn't happen, and then subsequent tty opens
> don't do the right thing.
> 
> Maybe.
> 
> But it's the only real semantic change I can see in that whole patch.
> 
>                  Linus

Ok. If you do end up going with this rather than the revert, one minor
nit with the patch -- if somehow the filp_open succeeds but one of the
f_dupfd's fails, you still need to do an fput to avoid leaking the
reference.

Powered by blists - more mailing lists