lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f1b77cafef8c4d159b1daa9cd4a06794@AcuMS.aculab.com>
Date:   Thu, 4 Jun 2020 13:28:02 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Christian Brauner' <christian.brauner@...ntu.com>,
        Kees Cook <keescook@...omium.org>
CC:     Sargun Dhillon <sargun@...gun.me>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Tycho Andersen <tycho@...ho.ws>,
        Matt Denton <mpdenton@...gle.com>,
        Jann Horn <jannh@...gle.com>, Chris Palmer <palmer@...gle.com>,
        Aleksa Sarai <cyphar@...har.com>,
        Robert Sesek <rsesek@...gle.com>,
        "containers@...ts.linux-foundation.org" 
        <containers@...ts.linux-foundation.org>,
        Giuseppe Scrivano <gscrivan@...hat.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Al Viro" <viro@...iv.linux.org.uk>,
        Daniel Wagner <daniel.wagner@...-carit.de>,
        "David S . Miller" <davem@...emloft.net>,
        John Fastabend <john.r.fastabend@...el.com>,
        Tejun Heo <tj@...nel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "cgroups@...r.kernel.org" <cgroups@...r.kernel.org>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: RE: [PATCH v3 1/4] fs, net: Standardize on file_receive helper to
 move fds across processes

From: Christian Brauner
> Sent: 04 June 2020 13:52
..
> For scm you can fail somewhere in the middle of putting any number of
> file descriptors so you're left in a state with only a subset of
> requested file descriptors installed so it's not really useful there.
> And if you manage to install an fd but then fail to put_user() it
> userspace can simply check it's fds via proc and has to anyway on any
> scm message error. If you fail an scm message userspace better check
> their fds.

There is a similar error path in the sctp 'peeloff' code.
If the put_user() fails it currently closes the fd before
returning -EFAULT.

I'm not at all sure this is helpful.
The application can't tell whether the SIGSEGV happened on the
copyin of the parameters or the copyout of the result.

ISTM that if the application passes an address that cannot
be written to it deserves what it gets - typically an fd it
doesn't know the number of.

What is important is that the kernel data is consistent.
So when the process exits the fd is closed and all the resources
are released.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ