Message-ID: <5759EBF5.4010902@iogearbox.net>
Date: Fri, 10 Jun 2016 00:21:41 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Florian Westphal <fw@...len.de>, Saeed Mahameed <saeedm@...lanox.com>
CC: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, Yevgeny Petrilin <yevgenyp@...lanox.com>, Andre Melkoumian <andre@...lanox.com>, Matthew Finlay <matt@...lanox.com>, Pablo Neira Ayuso <pablo@...filter.org>, Patrick McHardy <kaber@...sh.net>, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>
Subject: Re: [PATCH net-next] nfnetlink_queue: enable PID info retrieval

On 06/09/2016 11:35 PM, Florian Westphal wrote:
> Saeed Mahameed <saeedm@...lanox.com> wrote:
>> index a1bd161..67de200 100644
>> --- a/net/socket.c
>> +++ b/net/socket.c
>> @@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
>> }
>>
>> sock->file = file;
>> + file->f_owner.sock_pid = find_get_pid(task_pid_nr(current));
>> file->f_flags = O_RDWR | (flags & O_NONBLOCK);
>> file->private_data = sock;
>> return file;
>
> This looks like this leaks sock_pid reference...?
>
> (find_get_pid -> get_pid -> atomic_inc() , I don't see a put_pid in the
> patch)
>
> Can't comment further than this since I'm not familiar with vfs; e.g.
> I can't say if fown_struct is right place or not, or if this approach
> even works when creating process has exited after fork, etc.

Or ... if you xmit the fd via unix domain socket to a different process and
initial owner terminates, which should give you invalid information then;
afaik, this would just increase struct file's refcnt and hand out an unused
fdnum ( get_unused_fd_flags() + fd_install(), etc).

For extending 'struct fown_struct', you probably also need to Cc fs folks.
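
Review bot: task_pid_nr(current) on the added line in sock_alloc_file() returns the pid number as seen from the initial pid namespace, while find_get_pid() resolves a number in the caller's active pid namespace, so for a task inside a non-initial pid namespace the lookup can return the wrong struct pid or NULL. Taking the reference directly, for example with get_pid(task_pid(current)), avoids the round trip through a number. The reference stored in file->f_owner.sock_pid also needs a matching put_pid() when the file is released, which is not in the lines quoted here, and a comment should state that the field records the task that created the socket, not whichever process currently holds the descriptor.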
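
The fd-passing case described in the reply above, as an added userspace example that is not part of the thread or the patch: a child creates a socket, hands it to its parent over a unix domain socket with SCM_RIGHTS, and exits, leaving a live socket whose creating pid no longer exists. The names `pass_fd` and `socket_outlives_creator` are made up for this illustration.

```c
/* Added illustration; pass_fd/socket_outlives_creator are made-up names. */
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send (fd >= 0) or receive (fd < 0) one descriptor as SCM_RIGHTS data. */
static int pass_fd(int chan, int fd) {
    char byte = 'x';
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))] = {0};
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof(ctl) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (fd >= 0) {                    /* sender side */
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;                        /* the receiver's own fd number */
}

/* Returns 1 when this process holds a live socket whose creator has exited. */
int socket_outlives_creator(void) {
    int chan[2], type = 0;
    socklen_t len = sizeof(type);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0) return -1;
    pid_t creator = fork();
    if (creator < 0) return -1;
    if (creator == 0) {               /* child: creates the socket, then exits */
        int s = socket(AF_UNIX, SOCK_DGRAM, 0);
        _exit(s < 0 || pass_fd(chan[1], s) < 0);
    }
    close(chan[1]);                   /* recvmsg() sees EOF if the child failed */
    int fd = pass_fd(chan[0], -1);
    int gone = waitpid(creator, NULL, 0) == creator;  /* creator exited, reaped */
    int live = fd >= 0 && getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) == 0
               && type == SOCK_DGRAM;
    close(chan[0]);
    if (fd >= 0) close(fd);
    return gone && live;
}

int main(void) { return socket_outlives_creator() == 1 ? 0 : 1; }
```

A pid recorded once at socket creation would, at the point where `live` is computed, still name the reaped child rather than the process that actually holds the socket.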