Message-Id: <20230824-inventar-wissen-d7801fbc9bf9@brauner>
Date:   Thu, 24 Aug 2023 16:48:31 +0200
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] procfs fixes

Hey Linus,

/* Summary */
Mode changes to files under /proc/<pid>/ aren't supported ever since
6d76fa58b050 ("Don't allow chmod() on the /proc/<pid>/ files").
Due to an oversight in commit 1b3044e39a89 ("procfs: fix pthread
cross-thread naming if !PR_DUMPABLE") in switching from REG to NOD,
mode changes on /proc/thread-self/comm were accidentally allowed.

Similarly, mode changes for all files beneath /proc/<pid>/net/ are blocked
but mode changes on /proc/<pid>/net itself were accidentally allowed.

Both issues come down to not using the generic proc_setattr() helper
which blocks all mode changes. This is rectified with this pull request.

This also removes a strange nolibc test that abused /proc/<pid>/net for
testing mode changes. Using procfs for this test never made a lot of
sense given procfs has special semantics for almost everything anyway.

Both changes are minor user-visible changes. It is however very unlikely
that mode changes on /proc/<pid>/net and /proc/thread-self/comm are
something that userspace relies on.

/* Testing */
clang: Ubuntu clang version 15.0.7
gcc: (Ubuntu 12.2.0-3ubuntu1) 12.2.0

All patches are based on v6.5-rc1 and have been sitting in linux-next.
No build failures or warnings were observed.

/* Conflicts */
(1) linux-next: manual merge of the nolibc tree with the vfs-brauner tree
    https://lore.kernel.org/lkml/20230824141008.27f7270b@canb.auug.org.au

The following changes since commit 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5:

  Linux 6.5-rc1 (2023-07-09 13:53:13 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/v6.6-fs.proc.uapi

for you to fetch changes up to ccf61486fe1e1a48e18c638d1813cda77b3c0737:

  procfs: block chmod on /proc/thread-self/comm (2023-07-13 16:30:52 +0200)

Please consider pulling these changes from the signed v6.6-fs.proc.uapi tag.

Thanks!
Christian

----------------------------------------------------------------
v6.6-fs.proc.uapi

----------------------------------------------------------------
Aleksa Sarai (1):
      procfs: block chmod on /proc/thread-self/comm

Thomas Weißschuh (2):
      selftests/nolibc: drop test chmod_net
      proc: use generic setattr() for /proc/$PID/net

 fs/proc/base.c                               | 3 ++-
 fs/proc/proc_net.c                           | 1 +
 tools/testing/selftests/nolibc/nolibc-test.c | 1 -
 3 files changed, 3 insertions(+), 2 deletions(-)
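
Added example, not part of the message above or of the kernel tree: a small userspace check for whether the running kernel refuses chmod() on the two paths named in the summary. It re-applies each path's current mode, so a kernel that still accepts the call changes nothing; the names probe_chmod and probe_name are hypothetical, and "self" stands in for <pid>.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum probe_result { PROBE_ABSENT, PROBE_BLOCKED, PROBE_ALLOWED };

/* Re-apply the mode the path already has, so a success changes nothing.
 * chmod() still issues a mode-change request, which is what the summary
 * says the generic proc_setattr() helper blocks. */
enum probe_result probe_chmod(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return PROBE_ABSENT;          /* no procfs, or path not present */
    if (chmod(path, st.st_mode & 07777) == 0)
        return PROBE_ALLOWED;         /* kernel accepted a mode change */
    return PROBE_BLOCKED;             /* errno says why (EPERM expected) */
}

const char *probe_name(enum probe_result r)
{
    switch (r) {
    case PROBE_ABSENT:  return "absent";
    case PROBE_BLOCKED: return "blocked";
    default:            return "ALLOWED";
    }
}

int main(void)
{
    /* Paths from the pull request; "self" stands in for <pid>. */
    const char *paths[] = { "/proc/thread-self/comm", "/proc/self/net" };
    int allowed = 0;

    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
        errno = 0;
        enum probe_result r = probe_chmod(paths[i]);
        printf("%-24s %s%s%s\n", paths[i], probe_name(r),
               r == PROBE_BLOCKED ? ": " : "",
               r == PROBE_BLOCKED ? strerror(errno) : "");
        allowed += (r == PROBE_ALLOWED);
    }
    return allowed ? 1 : 0;   /* non-zero exit: at least one chmod succeeded */
}
```

A non-zero exit status means at least one of the two paths still accepted a mode change on the kernel it ran on.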
