lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <99a7a0ce-eb2f-4421-9f8e-e7f9d749b674@gmail.com>
Date: Mon, 24 Feb 2025 12:27:45 +0000
From: Pavel Begunkov <asml.silence@...il.com>
To: Bernd Schubert <bernd@...ernd.com>, Amir Goldstein <amir73il@...il.com>,
 Moinak Bhattacharyya <moinakb001@...il.com>
Cc: Miklos Szeredi <miklos@...redi.hu>, linux-fsdevel@...r.kernel.org,
 linux-kernel@...r.kernel.org, io-uring@...r.kernel.org
Subject: Re: [PATCH] Fuse: Add backing file support for uring_cmd

On 2/21/25 17:13, Bernd Schubert wrote:
> On 2/21/25 17:24, Amir Goldstein wrote:
...
>>> +/*
>>> + * Register new backing file for passthrough, getting backing map from
>>> URING_CMD data
>>> + */
>>> +static int fuse_uring_backing_open(struct io_uring_cmd *cmd,
>>> +    unsigned int issue_flags, struct fuse_conn *fc)
>>> +{
>>> +    const struct fuse_backing_map *map = io_uring_sqe_cmd(cmd->sqe);
>>> +    int ret = fuse_backing_open(fc, map);
>>> +
>>
>> I am not that familiar with io_uring, so I need to ask -
>> fuse_backing_open() does
>> fb->cred = prepare_creds();
>> to record server credentials
>> what are the credentials that will be recorded in the context of this
>> io_uring command?
> 
> This is run from the io_uring_enter() syscall - it should not make

That's not necessarily true ...

> a difference to an ioctl, AFAIK. Someone from @io-uring please
> correct me if I'm wrong.

... but it's executed in a context that inherits creds from the
task that submitted the request. It might be trickier if the app
changes creds at runtime, but IIRC the request tries to grab
creds at submission time.

-- 
Pavel Begunkov


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ