From: Stephen Smalley <sds@tycho.nsa.gov>
To: Kay Sievers <kay.sievers@vrfy.org>
Cc: "David P. Quigley" <dpquigl@tycho.nsa.gov>,
Greg KH <greg@kroah.com>,
linux-kernel@vger.kernel.org, Greg KH <gregkh@suse.de>,
Jan Blunck <jblunck@suse.de>, James Morris <jmorris@namei.org>,
Eric Paris <eparis@parisplace.org>,
David Howells <dhowells@redhat.com>
Subject: Re: [patch 00/13] devtmpfs patches
Date: Wed, 13 May 2009 08:22:22 -0400 [thread overview]
Message-ID: <1242217342.9974.10.camel@localhost.localdomain> (raw)
In-Reply-To: <1242168913.6711.9.camel@poy>
On Wed, 2009-05-13 at 00:55 +0200, Kay Sievers wrote:
> On Tue, 2009-05-12 at 17:54 +0200, Kay Sievers wrote:
> > On Tue, May 12, 2009 at 17:35, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >
> > > I think the issue is that the devtmpfs functions are calling vfs helpers
> > > to create and unlink the device nodes, and those helpers apply
> > > permission checks based on the current process' credentials. I think a
> > > similar issue arose in sysfs a while ago. Options are to either bypass
> > > the vfs helpers to avoid that permission checking for what I think are
> > > intended to be kernel-internal operations, or to override credentials
> > > temporarily around the calls to the vfs helpers, ala:
> > > new_cred = prepare_kernel_cred(NULL);
> > > old_cred = override_creds(new_cred);
> > > rc = vfs_mknod(...);
> > > revert_creds(old_cred);
> >
> > Ah, I see.
>
> Here is the current state of the patch. It would be great, if you can
> have a quick look, if that matches what you meant. It runs fine here,
> but I didn't try any security enforcing software so far, which might run
> into trouble without the credential stuff.
I think you'll actually need to switch credentials around the entire
sequence starting from vfs_path_lookup() and going through the
vfs_mknod() call in order to avoid any denials from vfs_path_lookup,
vfs_mkdir (via create_path), and vfs_mknod.
Then the same issue applies to devtmpfs_delete_node() to prevent unlink
denials against the current process when a node is removed, similarly
wrapping everything from the vfs_path_lookup() through the final
delete_path() call.
--
Stephen Smalley
National Security Agency
next prev parent reply other threads:[~2009-05-13 12:30 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090509142601.874865281@blue.kroah.org>
2009-05-09 14:37 ` [patch 00/13] devtmpfs patches Greg KH
2009-05-09 14:26 ` [patch 01/13] Driver Core: add nodename callbacks Greg KH
2009-05-10 12:52 ` Stephen Rothwell
2009-05-10 13:19 ` Kay Sievers
2009-05-11 20:51 ` Greg KH
2009-05-09 14:26 ` [patch 02/13] Driver Core: misc: add nodename support for misc devices Greg KH
2009-05-15 19:58 ` Pavel Machek
2009-05-18 14:34 ` Greg KH
2009-05-18 19:59 ` Pavel Machek
2009-05-18 20:28 ` Alan Cox
2009-05-09 14:26 ` [patch 03/13] Driver Core: usb: add nodename support for usb drivers Greg KH
2009-05-09 14:26 ` [patch 04/13] Driver Core: block: add nodename support for block drivers Greg KH
2009-05-09 14:26 ` [patch 05/13] Driver Core: x86: add nodename for cpuid and msr drivers Greg KH
2009-05-09 14:26 ` [patch 06/13] Driver Core: dvb: add nodename for dvb drivers Greg KH
2009-05-09 14:26 ` [patch 07/13] Driver Core: input: add nodename for input drivers Greg KH
2009-05-09 14:26 ` [patch 08/13] Driver Core: sound: add nodename for sound drivers Greg KH
2009-05-09 14:26 ` [patch 09/13] Driver Core: raw: add nodename for raw devices Greg KH
2009-05-09 14:26 ` [patch 10/13] Driver Core: drm: add nodename for drm devices Greg KH
2009-05-09 14:26 ` [patch 11/13] Driver Core: aoe: add nodename for aoe devices Greg KH
2009-05-09 14:26 ` [patch 12/13] Driver Core: bsg: add nodename for bsg driver Greg KH
2009-05-09 14:26 ` [patch 13/13] Driver Core: devtmpfs - driver core maintained /dev tmpfs Greg KH
2009-05-09 15:10 ` [patch 00/13] devtmpfs patches Fabio Comolli
2009-05-09 15:08 ` Greg KH
2009-05-09 15:22 ` Arjan van de Ven
2009-05-09 16:19 ` Greg KH
2009-05-09 19:09 ` Arjan van de Ven
2009-05-10 4:34 ` Arjan van de Ven
2009-05-10 7:48 ` Eric W. Biederman
2009-05-10 14:56 ` Eric W. Biederman
2009-05-10 5:34 ` Andrew Morton
2009-05-10 15:20 ` Greg KH
2009-05-10 15:59 ` Arjan van de Ven
2009-05-10 18:31 ` Peter Zijlstra
2009-05-10 21:19 ` Alan Cox
2009-05-10 23:47 ` Kay Sievers
2009-05-11 0:00 ` Arjan van de Ven
[not found] ` <ac3eb2510905101822t7fde14b3nf2c689621f69c925@mail.gmail.com>
2009-05-11 2:36 ` Eric W. Biederman
2009-05-11 10:46 ` Kay Sievers
2009-05-11 10:55 ` Alan Cox
2009-05-11 11:34 ` Kay Sievers
2009-05-11 13:05 ` [patch 00/13] devtmpfs Arjan van de Ven
2009-05-11 13:28 ` Kay Sievers
2009-05-11 13:49 ` Arjan van de Ven
2009-05-11 14:59 ` Kay Sievers
2009-05-11 13:10 ` [patch 00/13] devtmpfs patches Alan Cox
2009-05-11 14:14 ` Kay Sievers
2009-05-11 14:30 ` Arjan van de Ven
2009-05-11 14:42 ` Kay Sievers
2009-05-11 15:53 ` Alan Cox
2009-05-11 16:28 ` Kay Sievers
2009-05-11 16:41 ` Arjan van de Ven
2009-05-11 17:32 ` Kay Sievers
2009-05-11 17:55 ` Alan Cox
2009-05-11 18:04 ` Kay Sievers
2009-05-11 18:40 ` Alan Cox
2009-05-11 16:56 ` Alan Cox
2009-05-11 18:13 ` Eric W. Biederman
2009-05-11 3:55 ` Arjan van de Ven
2009-05-11 11:49 ` Fabio Comolli
2009-05-11 17:47 ` Greg KH
2009-05-11 16:40 ` Eric W. Biederman
2009-05-11 17:16 ` Kay Sievers
2009-05-11 21:13 ` Eric W. Biederman
2009-05-11 1:00 ` Andrew Morton
2009-05-11 3:58 ` Arjan van de Ven
2009-05-11 17:45 ` Greg KH
2009-05-09 16:46 ` Kay Sievers
2009-05-09 17:11 ` Alan Cox
2009-05-09 18:09 ` Kay Sievers
2009-05-11 17:40 ` David P. Quigley
2009-05-11 17:56 ` Greg KH
2009-05-11 20:41 ` David P. Quigley
2009-05-11 21:05 ` Kay Sievers
2009-05-11 21:19 ` Alan Cox
2009-05-11 21:27 ` Kay Sievers
2009-05-12 12:45 ` Stephen Smalley
2009-05-12 15:10 ` Kay Sievers
2009-05-12 15:35 ` Stephen Smalley
2009-05-12 15:54 ` Kay Sievers
2009-05-12 22:55 ` Kay Sievers
2009-05-12 23:22 ` David P. Quigley
2009-05-12 23:34 ` Kay Sievers
2009-05-12 23:50 ` Greg KH
2009-05-13 12:22 ` Stephen Smalley [this message]
2009-05-13 12:58 ` Kay Sievers
2009-05-13 12:57 ` Stephen Smalley
2009-05-13 13:09 ` Kay Sievers
2009-05-13 12:59 ` Alan Cox
2009-05-13 13:20 ` David Howells
2009-05-13 13:34 ` Kay Sievers
2009-05-13 14:20 ` Kay Sievers
2009-05-13 14:35 ` Stephen Smalley
2009-05-13 16:45 ` Kay Sievers
2009-05-13 22:43 ` Eric W. Biederman
2009-05-13 23:10 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1242217342.9974.10.camel@localhost.localdomain \
--to=sds@tycho.nsa.gov \
--cc=dhowells@redhat.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=eparis@parisplace.org \
--cc=greg@kroah.com \
--cc=gregkh@suse.de \
--cc=jblunck@suse.de \
--cc=jmorris@namei.org \
--cc=kay.sievers@vrfy.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.