| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200721171036.GX2786714@ZenIV.linux.org.uk>
Date: Tue, 21 Jul 2020 18:10:36 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Christoph Hellwig <hch@....de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
linux-kernel@...r.kernel.org, linux-raid@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org
Subject: Re: [PATCH 16/24] init: add an init_chroot helper
On Tue, Jul 21, 2020 at 06:28:10PM +0200, Christoph Hellwig wrote:
> +int __init init_chroot(const char *filename)
> +{
> + struct path path;
> + int error;
> +
> + error = kern_path(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
> + if (error)
> + return error;
> + error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
Matter of taste, but if we do that, I wonder if we would be better off with
error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
if (!error && !ns_capable(current_user_ns(), CAP_SYS_CHROOT))
error = -EPERM;
if (!error)
error = security_path_chroot(&path);
if (!error)
set_fs_root(current->fs, &path);
path_put(&path);
return error;
Powered by blists - more mailing lists