lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210526090310.GI4332@42.do-not-panic.com>
Date:   Wed, 26 May 2021 09:03:10 +0000
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Menglong Dong <menglong8.dong@...il.com>
Cc:     Josh Triplett <josh@...htriplett.org>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Kees Cook <keescook@...omium.org>,
        Sami Tolvanen <samitolvanen@...gle.com>, ojeda@...nel.org,
        johan@...nel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
        masahiroy@...nel.org, Menglong Dong <dong.menglong@....com.cn>,
        joe@...ches.com, Jens Axboe <axboe@...nel.dk>, hare@...e.de,
        Jan Kara <jack@...e.cz>, tj@...nel.org,
        gregkh@...uxfoundation.org, song@...nel.org,
        NeilBrown <neilb@...e.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        f.fainelli@...il.com, arnd@...db.de,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        wangkefeng.wang@...wei.com, Barret Rhoden <brho@...gle.com>,
        mhiramat@...nel.org, Steven Rostedt <rostedt@...dmis.org>,
        vbabka@...e.cz, Alexander Potapenko <glider@...gle.com>,
        pmladek@...e.com, Chris Down <chris@...isdown.name>,
        jojing64@...il.com, terrelln@...com, geert@...ux-m68k.org,
        mingo@...nel.org, linux-fsdevel@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>, jeyu@...nel.org
Subject: Re: [PATCH v2 2/3] init/do_cmounts.c: introduce 'user_root' for
 initramfs

On Wed, May 26, 2021 at 04:33:00PM +0800, Menglong Dong wrote:
> On Wed, May 26, 2021 at 12:33 PM Josh Triplett <josh@...htriplett.org> wrote:
> >
> > On Tue, May 25, 2021 at 10:23:09PM -0500, Eric W. Biederman wrote:
> > > If we are going to do this something that is so small and clean it can
> > > be done unconditionally always.
> > [...]
> > > The net request as I understand it: Make the filesystem the initramfs
> > > lives in be an ordinary filesystem so it can just be used as the systems
> > > primary filesystem.
> >
> > Including the ability to pivot_root it away, which seems like the main
> > sticking point.
> >
> > If this can be done without any overhead, that seems fine, but if this
> > involves mounting an extra filesystem, that may add an appreciable
> > amount of boot time for systems trying to boot in milliseconds. (Such
> > systems would not use an initramfs if they're going to go on and boot a
> > separate root filesystem, but they can use an initramfs as their *only*
> > filesystem.)
> 
> Compared to the time the unpacking spent, a mounting seems nothing. In the
> scene above, this change can be disabled by kconfig, if pivot_root
> is not needed in initramfs.

I asked for the kconfig entry. And it would be good to document then
also the worst case expected on boot for what this could do to you. I
mean, we are opening a different evil universe. So that's why the
kconfig exists.  How bad and evil can this be?

I don't think anyone has clarified that yet.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ