| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200721182607.GA14450@lst.de>
Date: Tue, 21 Jul 2020 20:26:07 +0200
From: Christoph Hellwig <hch@....de>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Christoph Hellwig <hch@....de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-raid@...r.kernel.org,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH 05/24] devtmpfs: open code ksys_chdir and ksys_chroot
On Tue, Jul 21, 2020 at 06:16:27PM +0100, Al Viro wrote:
> On Tue, Jul 21, 2020 at 09:49:17AM -0700, Linus Torvalds wrote:
> > On Tue, Jul 21, 2020 at 9:28 AM Christoph Hellwig <hch@....de> wrote:
> > >
> > > +
> > > + /* traverse into overmounted root and then chroot to it */
> > > + if (!kern_path("/..", LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path) &&
> > > + !inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR) &&
> > > + ns_capable(current_user_ns(), CAP_SYS_CHROOT) &&
> > > + !security_path_chroot(&path)) {
> > > + set_fs_pwd(current->fs, &path);
> > > + set_fs_root(current->fs, &path);
> > > + }
> > > + path_put(&path);
> >
> > This looks wrong.
>
> It is wrong. kern_path() leaves *path unmodified in case of error, and
> that struct path is uninitialized here.
Yep. Only saving grace is that the error just doesn't happen during
early init.
Powered by blists - more mailing lists