| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250725-vfs-nsfs-8b26651e63b9@brauner>
Date: Fri, 25 Jul 2025 13:27:23 +0200
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [GIT PULL 04/14 for v6.17] namespace updates
Hey Linus,
/* Summary */
This contains namespace updates. This time specifically for nsfs:
- Userspace heavily relies on the root inode numbers for namespaces to
identify the initial namespaces. That's already a hard dependency. So
we cannot change that anymore. Move the initial inode numbers to a
public header and align the only two namespaces that currently don't
do that with all the other namespaces.
- The root inode of /proc having a fixed inode number has been part of
the core kernel ABI since its inception, and recently some userspace
programs (mainly container runtimes) have started to explicitly depend
on this behaviour.
The main reason this is useful to userspace is that by checking that a
suspect /proc handle has fstype PROC_SUPER_MAGIC and is
PROCFS_ROOT_INO, they can then use
openat2(RESOLVE_{NO_{XDEV,MAGICLINK},BENEATH}) to ensure that there
isn't a bind-mount that replaces some procfs file with a different
one. This kind of attack has lead to security issues in container
runtimes in the past (such as CVE-2019-19921) and libraries like
libpathrs[1] use this feature of procfs to provide safe procfs
handling functions.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
No known conflicts.
Merge conflicts with other trees
================================
No known conflicts.
The following changes since commit 19272b37aa4f83ca52bdf9c16d5d81bdd1354494:
Linux 6.16-rc1 (2025-06-08 13:44:43 -0700)
are available in the Git repository at:
git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.17-rc1.nsfs
for you to fetch changes up to 76fdb7eb4e1c91086ce9c3db6972c2ed48c96afb:
uapi: export PROCFS_ROOT_INO (2025-07-10 09:39:18 +0200)
Please consider pulling these changes from the signed vfs-6.17-rc1.nsfs tag.
Thanks!
Christian
----------------------------------------------------------------
vfs-6.17-rc1.nsfs
----------------------------------------------------------------
Aleksa Sarai (1):
uapi: export PROCFS_ROOT_INO
Christian Brauner (4):
nsfs: move root inode number to uapi
netns: use stable inode number for initial mount ns
mntns: use stable inode number for initial mount ns
Merge patch series "nsfs: expose the stable inode numbers in a public header"
fs/namespace.c | 4 +++-
fs/proc/root.c | 10 +++++-----
include/linux/proc_ns.h | 16 +++++++++-------
include/uapi/linux/fs.h | 11 +++++++++++
include/uapi/linux/nsfs.h | 11 +++++++++++
net/core/net_namespace.c | 8 ++++++++
6 files changed, 47 insertions(+), 13 deletions(-)
Powered by blists - more mailing lists