From: Greg KH <greg@kroah.com>
To: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: BUG: Securityfs and bind mounts (2.6.34)
Date: Thu, 8 Jul 2010 08:46:48 -0700 [thread overview]
Message-ID: <20100708154648.GA13923@kroah.com> (raw)
In-Reply-To: <201007081632.42069.tvrtko.ursulin@sophos.com>
On Thu, Jul 08, 2010 at 04:32:42PM +0100, Tvrtko Ursulin wrote:
> On Thursday 08 Jul 2010 16:20:59 Greg KH wrote:
> > > :) Well I do not know, but, it kind of smelled like a bug in the
> > > : vfs/mount
> > >
> > > handling/securityfs area so I thought to let experts know. I _think_ I
> > > did nothing that much wrong. Just used the exposed API
> > > (securityfs_remove) and some bind mount shuffling from userspace.
> >
> > securitfs just uses libfs underneath it, and really doesn't have any
> > bindings for module ownerships, so I wouldn't recommend doing what you
> > just did.
>
> Just do double check what you are saying, securityfs is not safe for use from
> modules? If so I would then recommend removing the exports otherwise it is an
> invitation to shoot yourself into the foot.
Hm, did you properly set the module owner of the file_operations that
you passed to securityfs? That should protect if you have an open file,
but I doubt anyone thought you would do crazy things like bind mounts on
top of a ramfs and then think it was safe to unload a lower module :)
> Also, in-three TPM driver can be built as a module so how does that
> work?
You have to be root to unload modules, and if you are that, you can do
worse things than this.
thanks,
greg k-h
next prev parent reply other threads:[~2010-07-08 15:47 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-08 10:12 BUG: Securityfs and bind mounts (2.6.34) Tvrtko Ursulin
2010-07-08 14:43 ` Greg KH
2010-07-08 14:55 ` Tvrtko Ursulin
2010-07-08 15:20 ` Greg KH
2010-07-08 15:32 ` Tvrtko Ursulin
2010-07-08 15:46 ` Greg KH [this message]
2010-07-08 16:14 ` Tvrtko Ursulin
2010-07-14 16:19 ` Tvrtko Ursulin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100708154648.GA13923@kroah.com \
--to=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tvrtko.ursulin@sophos.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.