From: simo <idra@samba.org>
To: Andi Kleen <andi@firstfloor.org>
Cc: sfrench@samba.org, linux-kernel@vger.kernel.org,
linux-cifs-client@lists.samba.org,
samba-technical@lists.samba.org
Subject: Re: [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS client
Date: Sat, 19 Jan 2008 03:18:42 -0500
Message-ID: <1200730722.28706.70.camel@localhost.localdomain>
In-Reply-To: <20080119045552.GA11134@basil.nowhere.org>

On Sat, 2008-01-19 at 05:55 +0100, Andi Kleen wrote:
> Fix information leak in CIFS client lookup
>
> Putting arbitrary file names on lookup failures into the system log is not
> a good idea, because usually everybody can read dmesg and that is thus
> an information leak if a directory was read protected.
>
> Also changed the error printout for this case to a signed number, because
> it is normally negative and that makes it easier to read.
>
> I'm not sure the message is all that useful anyways. Perhaps it
> should be just removed completely? Or at least rate limited because
> it allows to spam the kernel log nicely.
>
> Signed-off-by: Andi Kleen <ak@suse.de>
>
> Index: linux/fs/cifs/dir.c
> ===================================================================
> --- linux.orig/fs/cifs/dir.c
> +++ linux/fs/cifs/dir.c
> @@ -518,7 +518,7 @@ cifs_lookup(struct inode *parent_dir_ino
> /* if it was once a directory (but how can we tell?) we could do
> shrink_dcache_parent(direntry); */
> } else {
> - cERROR(1, ("Error 0x%x on cifs_get_inode_info in lookup of %s",
> + cERROR(1, ("Error %d on cifs_get_inode_info in lookup of file",
> rc, full_path));
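Review bot: the unchanged context line "rc, full_path));" still passes full_path, although the new format string ends in the literal word "file" and has no %s left to consume it. Drop the argument so the call ends in "rc));". As posted, the argument list no longer matches the format string, and the path is still handed to the logging macro even though the stated goal is to keep file names out of the log.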
then please remove also full_path here ^^^^
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo@samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce@redhat.com>