lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <161550398415.1983424.4857046033308089813.stgit@warthog.procyon.org.uk>
Date:   Thu, 11 Mar 2021 23:06:24 +0000
From:   David Howells <dhowells@...hat.com>
To:     linux-afs@...ts.infradead.org
Cc:     Gaja Sophie Peters <gaja.peters@...h.uni-hamburg.de>,
        dhowells@...hat.com,
        Gaja Sophie Peters <gaja.peters@...h.uni-hamburg.de>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v2 0/2] AFS metadata xattr fixes


Here's a pair of fixes for AFS.

 (1) Fix an oops in AFS that can be triggered by accessing one of the
     afs.yfs.* xattrs against a yfs server[1][2] - for instance by "cp -a"
     or "rsync -X".  These try and copy all of the xattrs.

     They should pay attention to the list in /etc/xattr.conf, but cp
     doesn't on Ubuntu and rsync doesn't seem to on Ubuntu or Fedora.
     xattr.conf has been modified upstream[3], but a new version hasn't
     been cut yet.  I've logged a bug against rsync for the problem
     there[4].

 (2) Stop listing "afs.*" xattrs[6], particularly ACL ones[8].  This
     removes them from the list returned by listxattr(), but they're still
     available to get/set.

The patches can be found here:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes

Changes:
ver #2:
 - Hide all of the afs.* xattrs, not just the ACL ones[7].

David

Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003498.html [1]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003501.html [2]
Link: https://git.savannah.nongnu.org/cgit/attr.git/commit/?id=74da517cc655a82ded715dea7245ce88ebc91b98 [3]
Link: https://github.com/WayneD/rsync/issues/163 [4]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003516.html [5]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003524.html [6]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003565.html # v1
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003568.html [7]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003570.html [8]

---
David Howells (2):
      afs: Fix accessing YFS xattrs on a non-YFS server
      afs: Stop listxattr() from listing "afs.*" attributes


 fs/afs/dir.c      |  1 -
 fs/afs/file.c     |  1 -
 fs/afs/inode.c    |  1 -
 fs/afs/internal.h |  1 -
 fs/afs/mntpt.c    |  1 -
 fs/afs/xattr.c    | 23 -----------------------
 6 files changed, 28 deletions(-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ