lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  3 Oct 2022 13:19:42 +0200
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] acl updates for v6.1

Hey Linus,

/* Summary */
These are general fixes and preparatory changes related to the ongoing posix
acl rework. The actual rework where we build a type safe posix acl api wasn't
ready for this merge window but we're hopeful for the v6.2 merge window.

General fixes:
* Some filesystems like 9p and cifs have to implement custom posix acl handlers
  because they require access to the dentry in order to set and get posix acls
  while the set and get inode operations currently don't. But the ntfs3
  filesystem has no such requirement and thus implemented custom posix acl
  xattr handlers when it really didn't have to. So this pr contains patch that
  just implements set and get inode operations for ntfs3 and switches it to
  rely on the generic posix acl xattr handlers. (We would've appreciated
  reviews from the ntfs3 maintainers but we didn't get any. But hey, if we
  really broke it we'll fix it. But fstests for ntfs3 said it's fine.)
* The posix_acl_fix_xattr_common() helper has been adapted so it can be used by
  a few more callers and avoiding open-coding the same checks over and over.

Other than the two general fixes this series introduces a new helper
vfs_set_acl_prepare(). The reason for this helper is so that we can mitigate
one of the source that change {g,u}id values directly in the uapi struct. With
the vfs_set_acl_prepare() helper we can move the idmapped mount fixup into the
generic posix acl set handler.

The advantage of this is that it allows us to remove the
posix_acl_setxattr_idmapped_mnt() helper which so far we had to call in
vfs_setxattr() to account for idmapped mounts. While semantically correct the
problem with this approach was that we had to keep the value parameter of the
generic vfs_setxattr() call as non-const. This is rectified in this series.

Ultimately, we will get rid of all the extreme kludges and type unsafety once
we have merged the posix api - hopefully during the next merge window - built
solely around get and set inode operations. Which incidentally will also
improve handling of posix acls in security and especially in integrity modesl.
While this will come with temporarily having two inode operation for posix acls
that is nothing compared to the problems we have right now and so well worth
it. We'll end up with something that we can actually reason about instead of
needing to write novels to explain what's going on.

/* Testing */
clang: Ubuntu clang version 14.0.0-1ubuntu1
gcc:   gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0

All patches are based on v6.0-rc3 and have been sitting in linux-next. No build
failures or warnings were observed. All old and new tests in fstests,
selftests, and LTP pass without regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit b90cb1053190353cc30f0fef0ef1f378ccc063c5:

  Linux 6.0-rc3 (2022-08-28 15:05:29 -0700)

are available in the Git repository at:

  ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.acl.rework.prep.v6.1

for you to fetch changes up to 38e316398e4e6338b80223fb5f74415c0513718f:

  xattr: always us is_posix_acl_xattr() helper (2022-09-21 12:01:29 +0200)

Please consider pulling these changes from the signed fs.acl.rework.prep.v6.1 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.acl.rework.prep.v6.1

----------------------------------------------------------------
Christian Brauner (7):
      ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
      acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
      acl: add vfs_set_acl_prepare()
      acl: move idmapping handling into posix_acl_xattr_set()
      ovl: use vfs_set_acl_prepare()
      xattr: constify value argument in vfs_setxattr()
      xattr: always us is_posix_acl_xattr() helper

Deming Wang (1):
      acl: fix the comments of posix_acl_xattr_set

 fs/ntfs3/inode.c                  |   2 -
 fs/ntfs3/xattr.c                  | 102 +-------------
 fs/overlayfs/overlayfs.h          |   2 +-
 fs/overlayfs/super.c              |  15 +-
 fs/posix_acl.c                    | 288 +++++++++++++++++++++++++++++---------
 fs/xattr.c                        |  15 +-
 include/linux/posix_acl_xattr.h   |  12 +-
 include/linux/xattr.h             |   2 +-
 security/integrity/evm/evm_main.c |  17 ++-
 9 files changed, 264 insertions(+), 191 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ