lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YxGYepQlLZTE84HB@kroah.com>
Date:   Fri, 2 Sep 2022 07:45:30 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Brian Norris <briannorris@...omium.org>
Cc:     "Rafael J . Wysocki" <rafael@...nel.org>,
        Ingo Molnar <mingo@...hat.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] debugfs: Only clobber mode/uid/gid on remount if
 asked

On Thu, Sep 01, 2022 at 03:32:18PM -0700, Brian Norris wrote:
> On Thu, Sep 01, 2022 at 05:58:14PM +0200, Greg Kroah-Hartman wrote:
> > On Fri, Aug 26, 2022 at 05:44:16PM -0700, Brian Norris wrote:
> > > Users may have explicitly configured their debugfs permissions; we
> > > shouldn't overwrite those just because a second mount appeared.
> > 
> > What userspace mounts debugfs twice?
> 
> I'll admit, my particular userspace in question (Chrom{e,ium}OS) does
> not. There are several debugfs mounts, but they are bind mounts, which
> don't hit this problem.
> 
> But Steven hits the nail on the head for most of my reasoning; my main
> motivation is for tracefs (patch 2), whose automount makes this very
> surprising. I included patch 1 for consistency (tracefs essentially
> copy/pasted debugfs). I could drop patch 1 if that helps somehow, but
> I'd still like to consider the automount difficulties in patch 2.
> 
> > > Only clobber if the options were provided at mount time.
> > > 
> > >   # Don't change /sys/kernel/debug/ permissions.
> > >   mount -t debugfs none /mnt/foo
> > > 
> > >   # Change /sys/kernel/debug/ mode and uid, but not gid.
> > >   mount -t debugfs -o uid=bar,mode=0750 none /mnt/baz
> > 
> > So what happens today with this change?  Without it?
> 
> Sorry, this was probably a bit too implied -- the gid changes to its
> default (0 if we never set it in a mount option before; or it will reset
> to any previous gid= mount setting).
> 
> # ls -ld /sys/kernel/debug/.
> drwxr-x---. 45 root debugfs-access 0 Dec 31  1969 /sys/kernel/debug/.
> # chown root:power /sys/kernel/debug/
> # ls -ld /sys/kernel/debug/.
> drwxr-x---. 45 root power 0 Dec 31  1969 /sys/kernel/debug/.
> # mount -t debugfs -o uid=power,mode=0750 none /tmp/mnt
> # ls -ld /sys/kernel/debug/.
> drwxr-x---. 45 power debugfs-access 0 Dec 31  1969 /sys/kernel/debug/.
> # mount | grep '\/sys\/kernel\/debug '
> debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime,seclabel,uid=228,gid=605,mode=750)
> 
> I can include more before/after examples in the commit message if you
> want. Honestly, that's kind of why I offered to write test cases; test
> cases show what's happening better than narrative descriptions.

before/after in the changelog comments are very good, thanks.  And yes,
tests are also good, I'd gladly take that too if you do a v2 of this
patch.

And make it independant of the tracefs change please, these would go
through two different trees as they have different maintainers.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ