From: Michael Halcrow <mhalcrow@us.ibm.com>
To: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Cc: Christoph Hellwig <hch@infradead.org>,
Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, Chris Wright <chrisw@osdl.org>,
Serge Hallyn <serue@us.ibm.com>,
mhalcrow@us.ibm.com
Subject: Re: [patch 2/7] BSD Secure Levels: move bd claim from inode to filp
Date: Tue, 17 May 2005 14:46:17 -0500 [thread overview]
Message-ID: <20050517194616.GA14957@halcrow.us> (raw)
In-Reply-To: <20050517164922.GA29811@parcelfarce.linux.theplanet.co.uk>
Al -
Thank you for your feedback. I believe that most of your concerns are
addressed with this set of patches.
On Tue, May 17, 2005 at 05:49:22PM +0100, Al Viro wrote:
> On Tue, May 17, 2005 at 05:09:00PM +0100, Christoph Hellwig wrote:
> > On Tue, May 17, 2005 at 10:25:46AM -0500, Michael Halcrow wrote:
> > > +/**
> > > + * Claim the blockdev to exclude mounters; release on file close.
> > > + */
> > > +static int seclvl_bd_claim(struct file *filp)
> > > {
> > > - int holder;
> > > struct block_device *bdev = NULL;
> > > - dev_t dev = inode->i_rdev;
> > > + dev_t dev = filp->f_dentry->d_inode->i_rdev;
> > > bdev = open_by_devnum(dev, FMODE_WRITE);
> > > if (bdev) {
> > > - if (bd_claim(bdev, &holder)) {
> > > + if (bd_claim(bdev, filp)) {
> > > blkdev_put(bdev);
> > > return -EPERM;
> > > }
> > > - /* claimed, mark it to release on close */
> > > - inode->i_security = current;
> > > + /* Claimed; mark it to release on close */
> > > + filp->f_security = filp;
> > > }
> > > return 0;
> >
> > While we're at it this code is crap before and after your patch.
> > There's absolutely no point at all to use open_by_devnum if you
> > already have an inode or file that you can get the struct
> > block_device from easily.
>
> It's worse than you think. No, they do *not* necessary have
> block_device there. Guess what happens if some clown calls
> e.g. utime("/dev/sda", NULL)? That's right, we go checking if we
> have write permissions on the file in question.
In my tests, utime() does not cause file_permission() to be called.
> Use of current in setting/checking ->i_security is a bad joke.
The patch fixes this:
- /* claimed, mark it to release on close */
- inode->i_security = current;
+ /* Claimed; mark it to release on close */
+ filp->f_security = filp
...
> d) cargo-cult programming: ->f_dentry and ->f_dentry->d_inode are
> *not* NULL, TYVM.
Exactly what code are you refering to here?
> While we are at it... Guys, you do realize that registering an
> object and then deciding to bail out of module_init requires
> unregistering it?
Thanks; this is fixed in the next round of patches.
Mike
next prev parent reply other threads:[~2005-05-17 19:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-17 15:23 [patch 1/7] BSD Secure Levels: printk overhaul Michael Halcrow
2005-05-17 15:25 ` [patch 2/7] BSD Secure Levels: move bd claim from inode to filp Michael Halcrow
2005-05-17 16:09 ` Christoph Hellwig
2005-05-17 16:49 ` Al Viro
2005-05-17 16:57 ` Al Viro
2005-05-17 19:46 ` Michael Halcrow [this message]
2005-05-17 20:13 ` Al Viro
2005-05-17 15:26 ` [patch 3/7] BSD Secure Levels: allow suid and sgid on directories Michael Halcrow
2005-05-17 15:27 ` [patch 4/7] BSD Secure Levels: memory alloc failure check Michael Halcrow
2005-05-17 17:27 ` Alexey Dobriyan
2005-05-17 15:30 ` [patch 5/7] BSD Secure Levels: allow setuid/setgid on root user processes Michael Halcrow
2005-05-17 15:31 ` [patch 6/7] BSD Secure Levels: trivial code and comment changes Michael Halcrow
2005-05-17 15:31 ` [patch 7/7] BSD Secure Levels: remove redundant ptrace check Michael Halcrow
2005-05-17 17:33 ` [patch 1/7] BSD Secure Levels: printk overhaul dean gaudet
2005-05-19 1:29 ` Dave Hansen
2005-05-19 10:39 ` Bernd Petrovitsch
2005-05-19 20:55 ` [updated patch " Michael Halcrow
2005-05-19 21:41 ` Michael Halcrow
2005-05-20 5:19 ` aq
2005-05-20 15:03 ` [updated patch 2/7] BSD Secure Levels: bd_claim fixes Michael Halcrow
2005-05-20 15:06 ` [updated patch 3/7] BSD Secure Levels: allow suid and sgid on directories Michael Halcrow
2005-05-20 15:09 ` [updated patch 4/7] BSD Secure Levels: memory alloc failure check Michael Halcrow
2005-05-20 15:10 ` [updated patch 5/7] BSD Secure Levels: allow setuid/setgid on root user processes Michael Halcrow
2005-05-20 15:13 ` [updated patch 6/7] BSD Secure Levels: trivial code and comment changes Michael Halcrow
2005-05-20 15:15 ` [updated patch 7/7] BSD Secure Levels: remove redundant ptrace check Michael Halcrow
2005-05-20 15:20 ` [patch 8/7] BSD Secure Levels: unregister on sysfs failure Michael Halcrow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050517194616.GA14957@halcrow.us \
--to=mhalcrow@us.ibm.com \
--cc=akpm@osdl.org \
--cc=chrisw@osdl.org \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@us.ibm.com \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.