From: Serge Hallyn <serge.hallyn@ubuntu.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Serge Hallyn <serge.hallyn@canonical.com>,
linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
"David P. Quigley" <dpquigl@tycho.nsa.gov>,
Steve Dickson <SteveD@redhat.com>
Subject: Re: [PATCH] security: cap_inode_getsecctx returning garbage
Date: Thu, 9 May 2013 10:13:33 -0500 [thread overview]
Message-ID: <20130509151333.GA2211@tp> (raw)
In-Reply-To: <20130509140820.GB9316@fieldses.org>
Quoting J. Bruce Fields (bfields@fieldses.org):
> On Thu, May 09, 2013 at 12:49:26AM -0500, Serge Hallyn wrote:
> > Quoting J. Bruce Fields (bfields@fieldses.org):
> > > From: "J. Bruce Fields" <bfields@redhat.com>
> > >
> > > We shouldn't be returning success from this function without also
> > > filling in the return values ctx and ctxlen.
> > >
> > > Note currently this doesn't appear to cause bugs since the only
> > > inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls
> > > this if security_inode_setsecurity succeeds. Assuming
> > > security_inode_setsecurity is set to cap_inode_setsecurity whenever
> > > inode_getsecctx is set to cap_inode_getsecctx, this function can never
> > > actually called.
> > >
> > > So I noticed this only because the server labeled NFS patches add a real
> > > caller.
> > >
> > > Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> >
> > Thanks, the comment in include/linux/security.h doesn't mention the
> > return value at all, but based on the other implementations this looks
> > right.
> >
> > Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
>
> Thanks! Hm, would something like this help clarify?:
>
> @@ -1412,7 +1412,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> * @ctxlen contains the length of @ctx.
> *
> * @inode_getsecctx:
> - * Returns a string containing all relevant security context information
> + * On success, fills out @ctx and @ctxlen with the security context
> + * for the given @inode.
... and returns 0.
That would be great, thanks!
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
> *
> * @inode we wish to get the security context of.
> * @ctx is a pointer in which to place the allocated security context.
>
> --b.
next prev parent reply other threads:[~2013-05-09 15:13 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-09 1:43 [PATCH] security: cap_inode_getsecctx returning garbage J. Bruce Fields
2013-05-09 5:49 ` Serge Hallyn
2013-05-09 14:08 ` J. Bruce Fields
2013-05-09 15:13 ` Serge Hallyn [this message]
2013-05-09 15:41 ` [PATCH] security: clarify cap_inode_getsecctx description J. Bruce Fields
2013-05-12 11:37 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130509151333.GA2211@tp \
--to=serge.hallyn@ubuntu.com \
--cc=SteveD@redhat.com \
--cc=bfields@fieldses.org \
--cc=dpquigl@tycho.nsa.gov \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge.hallyn@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.