Open Source and information security mailing list archives
 
Message-ID: <63dd526c-20cb-4493-8ac5-e87a44c74419@case.edu>
Date: Wed, 14 May 2025 08:49:00 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Christian Brauner <brauner@...nel.org>,
        David Howells <dhowells@...hat.com>
Cc: chet.ramey@...e.edu, Alexander Viro <viro@...iv.linux.org.uk>,
        Etienne Champetier <champetier.etienne@...il.com>,
        Marc Dionne <marc.dionne@...istor.com>,
        Jeffrey Altman
 <jaltman@...istor.com>,
        Steve French <sfrench@...ba.org>, linux-afs@...ts.infradead.org,
        openafs-devel@...nafs.org, linux-cifs@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] afs, bash: Fix open(O_CREAT) on an extant AFS file in a
 sticky dir

On 5/5/25 9:14 AM, Christian Brauner wrote:

>> This works around the kernel not being able to validly check the
>> current_fsuid() against i_uid on the file or the directory because the
>> uidspaces of the system and of AFS may well be disjoint.  The problem lies
>> with the uid checks in may_create_in_sticky().
>>
>> However, the bash workaround is going to be removed:
> 
> Why is it removed? That's a very strange comment:

I think this question has been adequately answered.


> So then just don't remove it. I don't see a reason for us to work around
> userspace creating a bug for itself and forcing us to add two new inode
> operations to work around it.

I think this shows that userspace applications should be very cautious
about putting in workarounds for kernel bugs, and making them as limited
in scope as possible.


-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@...e.edu    http://tiswww.cwru.edu/~chet/
