lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <198cc8d3da6.124bd761f86893.6196757670555212232@zohomail.com>
Date: Thu, 21 Aug 2025 16:14:25 +0400
From: Askar Safin <safinaskar@...omail.com>
To: "Aleksa Sarai" <cyphar@...har.com>
Cc: "Alejandro Colomar" <alx@...nel.org>,
	"Michael T. Kerrisk" <mtk.manpages@...il.com>,
	"Alexander Viro" <viro@...iv.linux.org.uk>,
	"Jan Kara" <jack@...e.cz>,
	"G. Branden Robinson" <g.branden.robinson@...il.com>,
	"linux-man" <linux-man@...r.kernel.org>,
	"linux-api" <linux-api@...r.kernel.org>,
	"linux-fsdevel" <linux-fsdevel@...r.kernel.org>,
	"linux-kernel" <linux-kernel@...r.kernel.org>,
	"David Howells" <dhowells@...hat.com>,
	"Christian Brauner" <brauner@...nel.org>
Subject: Re: [PATCH v3 00/12] man2: document "new" mount API

There is one particular case when open_tree is more powerful than openat with O_PATH. open_tree supports AT_EMPTY_PATH, and openat supports nothing similar.
This means that we can convert normal O_RDONLY file descriptor to O_PATH descriptor using open_tree! I. e.:
  rd = openat(AT_FDCWD, "/tmp/a", O_RDONLY, 0); // Regular file
  open_tree(rd, "", AT_EMPTY_PATH);
You can achieve same effect using /proc:
  rd = openat(AT_FDCWD, "/tmp/a", O_RDONLY, 0); // Regular file
  snprintf(buf, sizeof(buf), "/proc/self/fd/%d", rd);
  openat(AT_FDCWD, buf, O_PATH, 0);
But still I think this has security implications. This means that even if we deny access to /proc for container, it still is able to convert O_RDONLY
descriptors to O_PATH descriptors using open_tree. I. e. this is yet another thing to think about when creating sandboxes.
I know you delivered a talk about similar things a lot of time ago: https://lwn.net/Articles/934460/ . (I tested this.)

--
Askar Safin
https://types.pl/@safinaskar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ