From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
To: Oren Laadan <orenl@cs.columbia.edu>
Cc: serue@us.ibm.com, Matt Helsley <matthltc@us.ibm.com>,
matthew@wil.cx, linux-fsdevel@vger.kernel.org,
Containers <containers@lists.linux-foundation.org>
Subject: Re: [PATCH 4/9][cr][v2]: Restore file_owner info
Date: Wed, 28 Jul 2010 12:25:03 -0700
Message-ID: <20100728192503.GA14570@us.ibm.com>
In-Reply-To: <4C16FC14.1090001@cs.columbia.edu>

Oren Laadan [orenl@cs.columbia.edu] wrote:
| > +
| > + rcu_read_lock();
| > + pid = find_vpid(h->f_owner_pid);
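Review bot: the pointer returned by find_vpid(h->f_owner_pid) is used without a NULL check. find_vpid() looks the number up in the caller's pid namespace and returns NULL when nothing matches, so in these lines a stale or bogus non-zero value from the checkpoint image is indistinguishable from a recorded owner of 0. Suggest failing the restore when h->f_owner_pid is non-zero and pid is NULL, and keeping the NULL owner only for the zero case.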
|
| What if this fails - the pid is invalid/non-existent ?

Good point. ->f_owner_pid can be 0 (in the normal case) and __fsetown()
below will set the owner to NULL pid. But if ->f_owner_pid is non-zero,
we should ensure we found a valid pid - added a check for this.

|
| > + /*
| > + * TODO: Do we need to force==1 or can it be 0 ? 'force' is used to
| > + * modify the owner, if one is already set. Can it be set when
| > + * we restart an application ?
| > + */
| > + ret = __f_setown(file, pid, h->f_owner_pid_type, uid, euid, 1);
| > + rcu_read_unlock();
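Review bot: in the __f_setown() call, h->f_owner_pid_type is passed through as read from the image, with no range check in the lines shown, and force is hard-coded to 1 while the TODO above it is still open. Suggest rejecting a pid type outside the valid enum pid_type range before the call, and settling the TODO before merge: with force set to 1 the call replaces whatever owner the file already has, so the comment should state why that is the intended behaviour on restart, or the argument should be 0.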
|
| I wonder if this would be a problem in terms of security on a
| non-container restart (e.g. not in a new pid-ns): one could set
| any pid as owner and any signal to be sent, and cause an arbitrary
| signal to be sent to an arbitrary process ?

Yes, Matt and Serge pointed it out and for now we need CAP_KILL
capability to restore an application that has file-leases.

Sukadev