lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20250111.PhoHophoh1zi@digikod.net>
Date: Sat, 11 Jan 2025 16:38:56 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Günther Noack <gnoack3000@...il.com>
Cc: Günther Noack <gnoack@...gle.com>, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-security-module@...r.kernel.org, Paul Moore <paul@...l-moore.com>, 
	Dave Chinner <david@...morbit.com>, Kent Overstreet <kent.overstreet@...ux.dev>, 
	syzbot+34b68f850391452207df@...kaller.appspotmail.com, syzbot+360866a59e3c80510a62@...kaller.appspotmail.com, 
	Ubisectech Sirius <bugreport@...sectech.com>, Brian Foster <bfoster@...hat.com>, 
	linux-bcachefs@...r.kernel.org, linux-xfs@...r.kernel.org
Subject: Re: [PATCH v1 1/2] landlock: Handle weird files

On Fri, Jan 10, 2025 at 05:37:26PM +0100, Günther Noack wrote:
> On Fri, Jan 10, 2025 at 04:39:13PM +0100, Mickaël Salaün wrote:
> > A corrupted filesystem (e.g. bcachefs) might return weird files.
> > Instead of throwing a warning and allowing access to such file, treat
> > them as regular files.
> > 
> > Cc: Dave Chinner <david@...morbit.com>
> > Cc: Günther Noack <gnoack@...gle.com>
> > Cc: Kent Overstreet <kent.overstreet@...ux.dev>
> > Cc: Paul Moore <paul@...l-moore.com>
> > Reported-by: syzbot+34b68f850391452207df@...kaller.appspotmail.com
> > Closes: https://lore.kernel.org/r/000000000000a65b35061cffca61@google.com
> > Reported-by: syzbot+360866a59e3c80510a62@...kaller.appspotmail.com
> > Closes: https://lore.kernel.org/r/67379b3f.050a0220.85a0.0001.GAE@google.com
> > Reported-by: Ubisectech Sirius <bugreport@...sectech.com>
> > Closes: https://lore.kernel.org/r/c426821d-8380-46c4-a494-7008bbd7dd13.bugreport@ubisectech.com
> > Fixes: cb2c7d1a1776 ("landlock: Support filesystem access-control")
> > Signed-off-by: Mickaël Salaün <mic@...ikod.net>
> > ---
> >  security/landlock/fs.c | 11 +++++------
> >  1 file changed, 5 insertions(+), 6 deletions(-)
> > 
> > diff --git a/security/landlock/fs.c b/security/landlock/fs.c
> > index e31b97a9f175..7adb25150488 100644
> > --- a/security/landlock/fs.c
> > +++ b/security/landlock/fs.c
> > @@ -937,10 +937,6 @@ static access_mask_t get_mode_access(const umode_t mode)
> >  	switch (mode & S_IFMT) {
> >  	case S_IFLNK:
> >  		return LANDLOCK_ACCESS_FS_MAKE_SYM;
> > -	case 0:
> > -		/* A zero mode translates to S_IFREG. */
> > -	case S_IFREG:
> > -		return LANDLOCK_ACCESS_FS_MAKE_REG;
> >  	case S_IFDIR:
> >  		return LANDLOCK_ACCESS_FS_MAKE_DIR;
> >  	case S_IFCHR:
> > @@ -951,9 +947,12 @@ static access_mask_t get_mode_access(const umode_t mode)
> >  		return LANDLOCK_ACCESS_FS_MAKE_FIFO;
> >  	case S_IFSOCK:
> >  		return LANDLOCK_ACCESS_FS_MAKE_SOCK;
> > +	case S_IFREG:
> > +	case 0:
> > +		/* A zero mode translates to S_IFREG. */
> >  	default:
> > -		WARN_ON_ONCE(1);
> > -		return 0;
> > +		/* Treats weird files as regular files. */
> > +		return LANDLOCK_ACCESS_FS_MAKE_REG;
> >  	}
> >  }
> >  
> > -- 
> > 2.47.1
> > 
> 
> Reviewed-by: Günther Noack <gnoack3000@...il.com>
> 
> Makes sense to me, since this is enforcing a stronger check than before
> and can only happen in the case of corruption.
> 
> I do not have a good intuition about what happens afterwards when the
> file system is in such a state.  I imagine that this will usually give
> an error shortly afterwards, as the opening of the file continues?  Is
> that right?

I guess it depends on the filesystem implementation.  For instance, XFS
returns an error if a weird file is detected [1], whereas bcachefs
ignores it (which is considered a bug, but not fixed yet) [2].

[1] https://lore.kernel.org/all/Zpc46HEacI%2Fwd7Rg@dread.disaster.area/
[2] https://lore.kernel.org/all/4hohnthh54adx35lnxzedop3oxpntpmtygxso4iraiexfdlt4d@6m7ssepvjyar/

> 
> –Günther
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ