| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250814063745.GP222315@ZenIV>
Date: Thu, 14 Aug 2025 07:37:45 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: linux-fsdevel@...r.kernel.org
Cc: Tycho Andersen <tycho@...ho.pizza>, Andrei Vagin <avagin@...gle.com>,
Andrei Vagin <avagin@...il.com>,
Christian Brauner <brauner@...nel.org>,
Pavel Tikhomirov <snorcht@...il.com>,
LKML <linux-kernel@...r.kernel.org>, criu@...ts.linux.dev,
Linux API <linux-api@...r.kernel.org>,
stable <stable@...r.kernel.org>
Subject: Re: [RFC][CFT] selftest for permission checks in mount propagation
changes
> void do_unshare(void)
> {
> FILE *f;
> uid_t uid = geteuid();
> gid_t gid = getegid();
> unshare(CLONE_NEWNS|CLONE_NEWUSER);
> f = fopen("/proc/self/uid_map", "w");
> fprintf(f, "0 %d 1", uid);
> fclose(f);
> f = fopen("/proc/self/setgroups", "w");
> fprintf(f, "deny");
> fclose(f);
> f = fopen("/proc/self/gid_map", "w");
> fprintf(f, "0 %d 1", gid);
> fclose(f);
> mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL);
> }
This obviously needs error checking - in this form it won't do
anything good without userns enabled (coredump on the first
fprintf() in there, since there won't be /proc/self/uid_map);
should probably just report CLONE_NEWUSER failure, warn about
skipped tests, fall back to unshare(CLONE_NEWNS) and skip
everything in in_child()...
Powered by blists - more mailing lists