lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 11 Sep 2023 15:42:46 +0200
From:   Christian Brauner <brauner@...nel.org>
To:     Jeff Layton <jlayton@...nel.org>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        Trond Myklebust <trond.myklebust@...merspace.com>,
        Anna Schumaker <anna@...nel.org>,
        Ondrej Valousek <ondrej.valousek.xm@...esas.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-nfs@...r.kernel.org
Subject: Re: [PATCH v2] fs: add a new SB_NOUMASK flag

On Sun, Sep 10, 2023 at 03:30:48PM -0400, Jeff Layton wrote:
> SB_POSIXACL must be set when a filesystem supports POSIX ACLs, but NFSv4
> also sets this flag to prevent the VFS from applying the umask on
> newly-created files. NFSv4 doesn't support POSIX ACLs however, which
> causes confusion when other subsystems try to test for them.
> 
> Split the umask-stripping opt-out into a separate SB_NOUMASK flag, and
> have NFSv4 set that instead of SB_POSIXACL. Fix the appropriate places
> in the VFS to check for that flag (in addition to SB_POSIXACL) when
> stripping the umask.

Oh, I see you only raised SB_POSIXACL to avoid umask stripping. That's a
bit weird indeed. Hm, since this is an internal, non-user changeable
flag I think it might be better in s_iflags as SB_I_NOUMASK? Also allows
us to avoid wasting an s_flags bit.

> 
> Signed-off-by: Jeff Layton <jlayton@...nel.org>
> ---
> Yet another approach to fixing this issue. I think this way is probably
> the best, since makes the purpose of these flags clearer, and stops NFS
> from relying on SB_POSIXACL to avoid umask stripping.
> ---
> Changes in v2:
> - new approach: add a new SB_NOUMASK flag that NFSv4 can use instead of
>   SB_POSIXACL
> - Link to v1: https://lore.kernel.org/r/20230908-acl-fix-v1-1-1e6b76c8dcc8@kernel.org
> ---
>  fs/init.c          | 4 ++--
>  fs/namei.c         | 2 +-
>  fs/nfs/super.c     | 2 +-
>  include/linux/fs.h | 4 +++-
>  4 files changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/init.c b/fs/init.c
> index 9684406a8416..157404bb7d19 100644
> --- a/fs/init.c
> +++ b/fs/init.c
> @@ -153,7 +153,7 @@ int __init init_mknod(const char *filename, umode_t mode, unsigned int dev)
>  	if (IS_ERR(dentry))
>  		return PTR_ERR(dentry);
>  
> -	if (!IS_POSIXACL(path.dentry->d_inode))
> +	if (!IS_NOUMASK(path.dentry->d_inode))
>  		mode &= ~current_umask();
>  	error = security_path_mknod(&path, dentry, mode, dev);
>  	if (!error)
> @@ -229,7 +229,7 @@ int __init init_mkdir(const char *pathname, umode_t mode)
>  	dentry = kern_path_create(AT_FDCWD, pathname, &path, LOOKUP_DIRECTORY);
>  	if (IS_ERR(dentry))
>  		return PTR_ERR(dentry);
> -	if (!IS_POSIXACL(path.dentry->d_inode))
> +	if (!IS_NOUMASK(path.dentry->d_inode))
>  		mode &= ~current_umask();

Could you please just convert them over to mode_strip_umask()?
Seems I forgot these two places back then.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ