lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Yi0+VYSyqbyXZyDS@zeniv-ca.linux.org.uk>
Date:   Sun, 13 Mar 2022 00:44:05 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     Paul Moore <paul@...l-moore.com>,
        John Johansen <john.johansen@...onical.com>,
        Mickaël Salaün <mic@...ikod.net>,
        Christian Brauner <brauner@...nel.org>,
        "Darrick J . Wong" <djwong@...nel.org>,
        Eric Paris <eparis@...isplace.org>,
        James Morris <jmorris@...ei.org>,
        Kentaro Takeda <takedakn@...data.co.jp>,
        Miklos Szeredi <miklos@...redi.hu>,
        "Serge E . Hallyn" <serge@...lyn.com>,
        Stephen Smalley <stephen.smalley.work@...il.com>,
        Steve French <sfrench@...ba.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        Mickaël Salaün <mic@...ux.microsoft.com>,
        selinux@...r.kernel.org, Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH v1] fs: Fix inconsistent f_mode

On Sat, Mar 12, 2022 at 10:34:27AM +0900, Tetsuo Handa wrote:
> On 2022/03/12 7:15, Paul Moore wrote:
> > The silence on this has been deafening :/  No thoughts on fixing, or
> > not fixing OPEN_FMODE(), Al?
> 
> On 2022/03/01 19:15, Mickaël Salaün wrote:
> > 
> > On 01/03/2022 10:22, Christian Brauner wrote:
> >> That specific part seems a bit risky at first glance. Given that the
> >> patch referenced is from 2009 this means we've been allowing O_WRONLY |
> >> O_RDWR to succeed for almost 13 years now.
> >
> > Yeah, it's an old bug, but we should keep in mind that a file descriptor
> > created with such flags cannot be used to read nor write. However,
> > unfortunately, it can be used for things like ioctl, fstat, chdir… I
> > don't know if there is any user of this trick.
> 
> I got a reply from Al at https://lkml.kernel.org/r/20090212032821.GD28946@ZenIV.linux.org.uk
> that sys_open(path, 3) is for ioctls only. And I'm using this trick when opening something
> for ioctls only.

... so it's not just fdutils.  Cast in stone, IOW.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ