| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <viwd2c53bnfyflny7sdmumawimwjy2mcmoigk5shhkmiabtbm5@3vcv3a3664cc>
Date: Sat, 13 Dec 2025 20:37:37 +0100
From: Alejandro Colomar <alx@...nel.org>
To: Alyssa Ross <hi@...ssa.is>
Cc: Christian Brauner <brauner@...nel.org>,
Al Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org, linux-man@...r.kernel.org
Subject: Re: [PATCH] man/man2/setns.2: clarify type of nsfs fd required
Hi Alyssa, Christian, Al,
On Sat, Dec 13, 2025 at 07:59:04PM +0100, Alyssa Ross wrote:
> Alejandro Colomar <alx@...nel.org> writes:
>
> > Hi Alyssa,
> >
> > On Sat, Dec 13, 2025 at 06:58:53PM +0100, Alyssa Ross wrote:
> >> I was surprised to discover than an O_PATH file descriptor was
> >> insufficient.
> >
> > How did you discover it? Could you please link to relevant information
> > (or kernel sources)?
>
> By trying it!
>
> Presumably it's the fd_empty() check at the beginning of the syscall
> implementation in nsproxy.c.
Hmm, thanks! I don't see any documentation about this, neither in the
kernel Documentation/, nor in the commit messages that introduced this
code. Christian, Al, would you mind checking if this is intended? If
so, it would be useful to document why O_PATH is not accepted. Is it
a security problem?
> >> Since the mode of nsfs files is always 0444, tell
> >> callers to always a file descriptor opened for reading.
> >
> > Missing 'use'?
>
> Yes. Feel free to add it.
Thanks!
Cheers,
Alex
--
<https://www.alejandro-colomar.es>
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists