| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250211205418.GI1977892@ZenIV>
Date: Tue, 11 Feb 2025 20:54:18 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Christian Brauner <brauner@...nel.org>
Cc: Zicheng Qu <quzicheng@...wei.com>,
Linus Torvalds <torvalds@...ux-foundation.org>, jlayton@...nel.org,
axboe@...nel.dk, joel.granados@...nel.org, tglx@...utronix.de,
hch@....de, len.brown@...el.com, pavel@....cz, pengfei.xu@...el.com,
rafael@...nel.org, tanghui20@...wei.com, zhangqiao22@...wei.com,
judy.chenhui@...wei.com, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
linux-pm@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH 2/2] acct: block access to kernel internal filesystems
On Tue, Feb 11, 2025 at 06:16:00PM +0100, Christian Brauner wrote:
> There's no point in allowing anything kernel internal nor procfs or
> sysfs.
> + /* Exclude kernel kernel internal filesystems. */
> + if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
> + kfree(acct);
> + filp_close(file, NULL);
> + return -EINVAL;
> + }
> +
> + /* Exclude procfs and sysfs. */
> + if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
> + kfree(acct);
> + filp_close(file, NULL);
> + return -EINVAL;
> + }
That looks like a really weird way to test it, especially the second
part...
Powered by blists - more mailing lists