lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Dec 2022 13:33:48 +0100
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] vfsuid updates for v6.2

Hey Linus,

/* Summary */
Last cycle we introduced the vfs{g,u}id_t types and associated helpers to gain
type safety when dealing with idmapped mounts. That initial pull request back
then already converted a lot of places over but there were still some left,

This pull request converts all remaining places that still make use of non-type
safe idmapping helpers to rely on the new type safe vfs{g,u}id based helpers.
Afterwards it removes all the old non-type safe helpers.

Note that this pull request has the setgid inheritance branch merged in as the
setgid inheritance branch unifies multiple open-coded checks into a single
helper making the conversion here easier. I've sent a pull request for that
work rearlier so it's on the list and in your inbox before this one. The lore
url is:
https://lore.kernel.org/lkml/20221212112053.99208-1-brauner@kernel.org

In case you don't want to pull "setgid inheritance updates for v6.2" but still
would like to pull the remaining vfs{g,u}id_t conversions (That would be
greatly appreciated as it gets rid of duplicated functionality between the
different helpers.) I prepared the tag

  fs.vfsuid.conversion.standalone.v6.2

This tag only contains all the vfs{g,u}id_t patches without any of the "setgid
inheritance updates for v6.2" patches.

  ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.conversion.standalone.v6.2

/* Testing */
clang: Ubuntu clang version 15.0.2-1
gcc: gcc (Ubuntu 12.2.0-3ubuntu1) 12.2.0

All patches are based on v6.1-rc1 and have been sitting in linux-next. No build
failures or warnings were observed. The vfsuid conversionn portion passes all
old and new tests in fstests, selftests, and LTP pass without regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:

  Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)

are available in the Git repository at:

  ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.conversion.v6.2

__Alternatively__, a standalone version without the setgid patches merged in
can be found at:

  ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.vfsuid.conversion.standalone.v6.2

for you to fetch changes up to eb7718cdb73c6b0c93002f8f73f4dd4701f8d2bb:

  fs: remove unused idmapping helpers (2022-10-26 10:03:34 +0200)

Please consider pulling these changes from the signed fs.vfsuid.conversion.v6.2
or fs.vfsuid.conversion.standalone.v6.2 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.vfsuid.conversion.v6.2

----------------------------------------------------------------
Amir Goldstein (2):
      ovl: remove privs in ovl_copyfile()
      ovl: remove privs in ovl_fallocate()

Christian Brauner (12):
      attr: add in_group_or_capable()
      fs: move should_remove_suid()
      attr: add setattr_should_drop_sgid()
      attr: use consistent sgid stripping checks
      mnt_idmapping: add missing helpers
      fs: use type safe idmapping helpers
      caps: use type safe idmapping helpers
      apparmor: use type safe idmapping helpers
      ima: use type safe idmapping helpers
      fuse: port to vfs{g,u}id_t and associated helpers
      ovl: port to vfs{g,u}id_t and associated helpers
      fs: remove unused idmapping helpers

 Documentation/trace/ftrace.rst      |   2 +-
 fs/attr.c                           |  74 +++++++++++++++++++++++---
 fs/coredump.c                       |   4 +-
 fs/exec.c                           |  16 +++---
 fs/fuse/acl.c                       |   2 +-
 fs/fuse/file.c                      |   2 +-
 fs/inode.c                          |  72 ++++++++++++--------------
 fs/internal.h                       |  10 +++-
 fs/namei.c                          |  40 +++++++--------
 fs/ocfs2/file.c                     |   4 +-
 fs/open.c                           |   8 +--
 fs/overlayfs/file.c                 |  28 ++++++++--
 fs/overlayfs/util.c                 |   9 +++-
 fs/remap_range.c                    |   2 +-
 fs/stat.c                           |   7 ++-
 include/linux/fs.h                  |  36 +------------
 include/linux/mnt_idmapping.h       | 100 ++++++++++++------------------------
 kernel/capability.c                 |   4 +-
 security/apparmor/domain.c          |   8 +--
 security/apparmor/file.c            |   4 +-
 security/apparmor/lsm.c             |  25 ++++++---
 security/commoncap.c                |  51 +++++++++---------
 security/integrity/ima/ima_policy.c |  34 ++++++------
 23 files changed, 289 insertions(+), 253 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ