Open Source and information security mailing list archives
 
Message-ID: <161547181530.1868820.12933722592029066752.stgit@warthog.procyon.org.uk>
Date:   Thu, 11 Mar 2021 14:10:15 +0000
From:   David Howells <dhowells@...hat.com>
To:     linux-afs@...ts.infradead.org
Cc:     Gaja Sophie Peters <gaja.peters@...h.uni-hamburg.de>,
        dhowells@...hat.com,
        Gaja Sophie Peters <gaja.peters@...h.uni-hamburg.de>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] AFS metadata xattr fixes


Here's a pair of fixes for AFS.

 (1) Fix an oops in AFS that can be triggered by accessing one of the
     afs.yfs.* xattrs against a yfs server[1][2] - for instance by "cp -a"
     or "rsync -X".  These try and copy all of the xattrs.

     They should pay attention to the list in /etc/xattr.conf, but cp
     doesn't on Ubuntu and rsync doesn't seem to on Ubuntu or Fedora.
     xattr.conf has been modified upstream[3], but a new version hasn't
     been cut yet.  I've logged a bug against rsync for the problem
     there[4].

 (2) Hide ACL-related AFS xattrs[6].  This removes them from the list
     returned by listxattr(), but they're still available to get/set.

With further regard to the second patch, I tried just hiding the
appropriate ACL-related xattrs[5] first, but it didn't work well,
especially when a volume is replicated across servers of different types.

I wonder if it's better to just hide all the afs.* xattrs from listxattr().
It would probably be even better to not use xattrs for this, but I'm not
sure what I would use instead.

The patches can be found here:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes

David

Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003498.html [1]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003501.html [2]
Link: https://git.savannah.nongnu.org/cgit/attr.git/commit/?id=74da517cc655a82ded715dea7245ce88ebc91b98 [3]
Link: https://github.com/WayneD/rsync/issues/163 [4]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003516.html [5]
Link: http://lists.infradead.org/pipermail/linux-afs/2021-March/003524.html [6]
---
David Howells (2):
      afs: Fix accessing YFS xattrs on a non-YFS server
      afs: Fix afs_listxattr() to not list afs ACL special xattrs


 fs/afs/xattr.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
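
Point (2) of the message means that a tool which enumerates attributes with listxattr() will not see the hidden names, even though getxattr() on such a name still works. The following is an added example, not part of the original message or of the AFS patches: a small C checker that reports which caller-supplied xattr names are readable on a path but absent from its listing. The function names are this example's own, and it assumes a Linux system with <sys/xattr.h>.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Return 1 if `name` is one of the NUL-separated entries in a listxattr() buffer. */
int name_in_list(const char *list, size_t len, const char *name)
{
    size_t off = 0, want = strlen(name);
    while (off < len) {
        size_t n = strnlen(list + off, len - off);  /* bounded: tolerates a missing final NUL */
        if (n == want && memcmp(list + off, name, n) == 0)
            return 1;
        off += n + 1;
    }
    return 0;
}

/* 1: getxattr() succeeds but the name is not listed (hidden);
 * 0: the name is listed, or it cannot be read; -1: the listing itself failed. */
int xattr_is_hidden(const char *path, const char *name)
{
    ssize_t need = listxattr(path, NULL, 0);        /* size 0 returns the buffer size needed */
    if (need < 0) return -1;
    char *list = malloc(need ? (size_t)need : 1);
    if (!list) return -1;
    ssize_t got = listxattr(path, list, (size_t)need);
    if (got < 0) { free(list); return -1; }         /* e.g. ERANGE if the list grew meanwhile */
    int listed = name_in_list(list, (size_t)got, name);
    free(list);
    /* size 0 asks only for the value length, so no value buffer is needed */
    int readable = getxattr(path, name, NULL, 0) >= 0;
    return readable && !listed;
}

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s PATH XATTR...\n", argv[0]); return 2; }
    for (int i = 2; i < argc; i++) {
        int r = xattr_is_hidden(argv[1], argv[i]);
        printf("%s: %s\n", argv[i],
               r == 1 ? "readable but not listed" :
               r == 0 ? "listed, or not readable" : "listxattr failed");
    }
    return 0;
}
```

A backup or audit job that relies only on the listing can use a check like this to confirm which attributes it is not seeing.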

