From: Andy Whitcroft <apw@canonical.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
viro@ZenIV.linux.org.uk, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, hch@infradead.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
nbd@openwrt.org, neilb@suse.de, hramrach@centrum.cz,
jordipujolp@gmail.com, ezk@fsl.cs.sunysb.edu,
ricwheeler@gmail.com, dhowells@redhat.com, hpj@urpla.net,
sedat.dilek@googlemail.com, penberg@kernel.org,
goran.cetusic@gmail.com, romain@orebokech.com, mszeredi@suse.cz
Subject: Re: [PATCH 12/13] ovl: switch to __inode_permission()
Date: Wed, 15 Aug 2012 18:07:58 +0100 [thread overview]
Message-ID: <20120815170758.GP29100@dm> (raw)
In-Reply-To: <502BD587.6090807@schaufler-ca.com>
On Wed, Aug 15, 2012 at 09:59:51AM -0700, Casey Schaufler wrote:
> On 8/15/2012 8:48 AM, Miklos Szeredi wrote:
> > From: Andy Whitcroft <apw@canonical.com>
> >
> > When checking permissions on an overlayfs inode we do not take into
> > account either device cgroup restrictions nor security permissions.
> > This allows a user to mount an overlayfs layer over a restricted device
> > directory and by pass those permissions to open otherwise restricted
> > files.
>
> Why is this a good idea? Either you're not including enough context
> about the conditions under which this can occur, or you're suggesting
> the introduction of a trivial mechanism for bypassing all file access
> controls. This does not seem right.
It is stating that the unprotected case is how things was before this
patch switches us over to __inode_permisssions. The patch is closing
the hole indicated.
-apw
> >
> > Switch over to __inode_permissions.
> >
> > Signed-off-by: Andy Whitcroft <apw@canonical.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> > ---
> > fs/overlayfs/inode.c | 12 +-----------
> > 1 files changed, 1 insertions(+), 11 deletions(-)
> >
> > diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
> > index e854720..f3a534f 100644
> > --- a/fs/overlayfs/inode.c
> > +++ b/fs/overlayfs/inode.c
> > @@ -100,19 +100,9 @@ int ovl_permission(struct inode *inode, int mask)
> > if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
> > (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
> > goto out_dput;
> > -
> > - /*
> > - * Nobody gets write access to an immutable file.
> > - */
> > - err = -EACCES;
> > - if (IS_IMMUTABLE(realinode))
> > - goto out_dput;
> > }
> >
> > - if (realinode->i_op->permission)
> > - err = realinode->i_op->permission(realinode, mask);
> > - else
> > - err = generic_permission(realinode, mask);
> > + err = __inode_permission(realinode, mask);
> > out_dput:
> > dput(alias);
> > return err;
>
next prev parent reply other threads:[~2012-08-15 17:07 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-15 15:48 [PATCH 00/13] overlay filesystem: request for inclusion (v14) Miklos Szeredi
2012-08-15 15:48 ` [PATCH 01/13] vfs: add i_op->open() Miklos Szeredi
2012-08-15 17:21 ` J. Bruce Fields
2012-08-15 20:28 ` NeilBrown
2012-08-16 10:10 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 02/13] vfs: export do_splice_direct() to modules Miklos Szeredi
2012-08-15 15:48 ` [PATCH 03/13] vfs: introduce clone_private_mount() Miklos Szeredi
2012-08-15 15:48 ` [PATCH 04/13] overlay filesystem Miklos Szeredi
2012-08-16 6:24 ` Eric W. Biederman
2012-08-16 10:25 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 05/13] overlayfs: add statfs support Miklos Szeredi
2012-08-17 18:20 ` Ben Hutchings
2012-08-29 22:48 ` Miklos Szeredi
2012-08-30 5:54 ` Ben Hutchings
2012-08-31 12:47 ` J. R. Okajima
2012-08-15 15:48 ` [PATCH 06/13] overlayfs: implement show_options Miklos Szeredi
2012-08-15 15:48 ` [PATCH 07/13] overlay: overlay filesystem documentation Miklos Szeredi
2012-08-15 19:53 ` J. Bruce Fields
2012-08-16 10:09 ` Miklos Szeredi
2012-09-10 1:47 ` Jan Engelhardt
2012-09-10 3:18 ` NeilBrown
2012-08-15 15:48 ` [PATCH 08/13] fs: limit filesystem stacking depth Miklos Szeredi
2012-08-16 8:02 ` Sedat Dilek
2012-08-16 8:30 ` Sedat Dilek
2012-08-16 10:42 ` Miklos Szeredi
2012-08-16 13:24 ` Sedat Dilek
2012-09-03 15:05 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 09/13] overlayfs: fix possible leak in ovl_new_inode Miklos Szeredi
2012-08-15 15:48 ` [PATCH 10/13] overlayfs: create new inode in ovl_link Miklos Szeredi
2012-08-15 15:48 ` [PATCH 11/13] vfs: export __inode_permission() to modules Miklos Szeredi
2012-08-15 17:17 ` Sedat Dilek
2012-08-15 15:48 ` [PATCH 12/13] ovl: switch to __inode_permission() Miklos Szeredi
2012-08-15 16:59 ` Casey Schaufler
2012-08-15 17:07 ` Andy Whitcroft [this message]
2012-08-15 17:34 ` Casey Schaufler
2012-08-15 15:48 ` [PATCH 13/13] overlayfs: copy up i_uid/i_gid from the underlying inode Miklos Szeredi
2012-08-15 17:14 ` [PATCH 00/13] overlay filesystem: request for inclusion (v14) Sedat Dilek
-- strict thread matches above, loose matches on Subject: below --
2012-09-20 18:55 [PATCH 00/13] overlay filesystem: request for inclusion (v15) Miklos Szeredi
2012-09-20 18:55 ` [PATCH 12/13] ovl: switch to __inode_permission() Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120815170758.GP29100@dm \
--to=apw@canonical.com \
--cc=akpm@linux-foundation.org \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=ezk@fsl.cs.sunysb.edu \
--cc=goran.cetusic@gmail.com \
--cc=hch@infradead.org \
--cc=hpj@urpla.net \
--cc=hramrach@centrum.cz \
--cc=jordipujolp@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mszeredi@suse.cz \
--cc=nbd@openwrt.org \
--cc=neilb@suse.de \
--cc=penberg@kernel.org \
--cc=ricwheeler@gmail.com \
--cc=romain@orebokech.com \
--cc=sedat.dilek@googlemail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.