From: Greg KH <gregkh@linuxfoundation.org>
To: Jeff Layton <jlayton@poochiereds.net>
Cc: kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Thomas Sailer <t.sailer@alumni.ethz.ch>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Johan Hovold <johan@kernel.org>, Alex Elder <elder@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
David Howells <dhowells@redhat.com>, NeilBrown <neilb@suse.com>
Subject: [kernel-hardening] Re: [PATCH 2/3] Make static usermode helper binaries constant
Date: Tue, 17 Jan 2017 17:12:27 +0100 [thread overview]
Message-ID: <20170117161227.GA12846@kroah.com> (raw)
In-Reply-To: <1484669260.2886.8.camel@poochiereds.net>
On Tue, Jan 17, 2017 at 11:07:40AM -0500, Jeff Layton wrote:
> On Tue, 2017-01-17 at 16:56 +0100, Greg KH wrote:
> > On Tue, Jan 17, 2017 at 10:45:45AM -0500, Jeff Layton wrote:
> > > On Mon, 2017-01-16 at 17:50 +0100, Greg KH wrote:
> > > > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > >
> > > > There are a number of usermode helper binaries that are "hard coded" in
> > > > the kernel today, so mark them as "const" to make it harder for someone
> > > > to change where the variables point to.
> > > >
> > > > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> > > > Cc: Thomas Sailer <t.sailer@alumni.ethz.ch>
> > > > Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> > > > Cc: Johan Hovold <johan@kernel.org>
> > > > Cc: Alex Elder <elder@kernel.org>
> > > > Cc: "J. Bruce Fields" <bfields@fieldses.org>
> > > > Cc: Jeff Layton <jlayton@poochiereds.net>
> > > > Cc: David Howells <dhowells@redhat.com>
> > > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> >
> >
> > > > --- a/fs/nfsd/nfs4layouts.c
> > > > +++ b/fs/nfsd/nfs4layouts.c
> > > > @@ -613,6 +613,7 @@ nfsd4_cb_layout_fail(struct nfs4_layout_stateid *ls)
> > > > {
> > > > struct nfs4_client *clp = ls->ls_stid.sc_client;
> > > > char addr_str[INET6_ADDRSTRLEN];
> > > > + static char const nfsd_recall_failed[] = "/sbin/nfsd-recall-failed";
> > > > static char *envp[] = {
> > > > "HOME=/",
> > > > "TERM=linux",
> > > > @@ -628,12 +629,13 @@ nfsd4_cb_layout_fail(struct nfs4_layout_stateid *ls)
> > > > "nfsd: client %s failed to respond to layout recall. "
> > > > " Fencing..\n", addr_str);
> > > >
> > > > - argv[0] = "/sbin/nfsd-recall-failed";
> > > > + argv[0] = (char *)nfsd_recall_failed;
> > > > argv[1] = addr_str;
> > > > argv[2] = ls->ls_file->f_path.mnt->mnt_sb->s_id;
> > > > argv[3] = NULL;
> > > >
> > > > - error = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
> > > > + error = call_usermodehelper(nfsd_recall_failed, argv, envp,
> > > > + UMH_WAIT_PROC);
> > > > if (error) {
> > > > printk(KERN_ERR "nfsd: fence failed for client %s: %d!\n",
> > > > addr_str, error);
> > >
> > > Do we need a similar fix in nfsd4_umh_cltrack_upcall?
> >
> > Not that I can tell, as the call_usermodehelper() binary it calls is
> > dynamically created (it's not a static string). Unless I'm misreading
> > the code?
> >
>
> It's a module_param_string:
>
> static char cltrack_prog[PATH_MAX] = "/sbin/nfsdcltrack";
> module_param_string(cltrack_prog, cltrack_prog, sizeof(cltrack_prog),
> S_IRUGO|S_IWUSR);
> MODULE_PARM_DESC(cltrack_prog, "Path to the nfsdcltrack upcall
> program");
>
> Maybe we should consider deprecating that module parameter and make it
> const as well? I added it when I first developed that code, but I doubt
> anyone legitimately sets it.
That's fine with me, but was outside of the scope of this patch, I was
not trying to change any existing functionality :)
thanks,
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@linuxfoundation.org>
To: Jeff Layton <jlayton@poochiereds.net>
Cc: kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Thomas Sailer <t.sailer@alumni.ethz.ch>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Johan Hovold <johan@kernel.org>, Alex Elder <elder@kernel.org>,
"J. Bruce Fields" <bfields@fieldses.org>,
David Howells <dhowells@redhat.com>, NeilBrown <neilb@suse.com>
Subject: Re: [PATCH 2/3] Make static usermode helper binaries constant
Date: Tue, 17 Jan 2017 17:12:27 +0100 [thread overview]
Message-ID: <20170117161227.GA12846@kroah.com> (raw)
In-Reply-To: <1484669260.2886.8.camel@poochiereds.net>
On Tue, Jan 17, 2017 at 11:07:40AM -0500, Jeff Layton wrote:
> On Tue, 2017-01-17 at 16:56 +0100, Greg KH wrote:
> > On Tue, Jan 17, 2017 at 10:45:45AM -0500, Jeff Layton wrote:
> > > On Mon, 2017-01-16 at 17:50 +0100, Greg KH wrote:
> > > > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > >
> > > > There are a number of usermode helper binaries that are "hard coded" in
> > > > the kernel today, so mark them as "const" to make it harder for someone
> > > > to change where the variables point to.
> > > >
> > > > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> > > > Cc: Thomas Sailer <t.sailer@alumni.ethz.ch>
> > > > Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> > > > Cc: Johan Hovold <johan@kernel.org>
> > > > Cc: Alex Elder <elder@kernel.org>
> > > > Cc: "J. Bruce Fields" <bfields@fieldses.org>
> > > > Cc: Jeff Layton <jlayton@poochiereds.net>
> > > > Cc: David Howells <dhowells@redhat.com>
> > > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> >
> >
> > > > --- a/fs/nfsd/nfs4layouts.c
> > > > +++ b/fs/nfsd/nfs4layouts.c
> > > > @@ -613,6 +613,7 @@ nfsd4_cb_layout_fail(struct nfs4_layout_stateid *ls)
> > > > {
> > > > struct nfs4_client *clp = ls->ls_stid.sc_client;
> > > > char addr_str[INET6_ADDRSTRLEN];
> > > > + static char const nfsd_recall_failed[] = "/sbin/nfsd-recall-failed";
> > > > static char *envp[] = {
> > > > "HOME=/",
> > > > "TERM=linux",
> > > > @@ -628,12 +629,13 @@ nfsd4_cb_layout_fail(struct nfs4_layout_stateid *ls)
> > > > "nfsd: client %s failed to respond to layout recall. "
> > > > " Fencing..\n", addr_str);
> > > >
> > > > - argv[0] = "/sbin/nfsd-recall-failed";
> > > > + argv[0] = (char *)nfsd_recall_failed;
> > > > argv[1] = addr_str;
> > > > argv[2] = ls->ls_file->f_path.mnt->mnt_sb->s_id;
> > > > argv[3] = NULL;
> > > >
> > > > - error = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
> > > > + error = call_usermodehelper(nfsd_recall_failed, argv, envp,
> > > > + UMH_WAIT_PROC);
> > > > if (error) {
> > > > printk(KERN_ERR "nfsd: fence failed for client %s: %d!\n",
> > > > addr_str, error);
> > >
> > > Do we need a similar fix in nfsd4_umh_cltrack_upcall?
> >
> > Not that I can tell, as the call_usermodehelper() binary it calls is
> > dynamically created (it's not a static string). Unless I'm misreading
> > the code?
> >
>
> It's a module_param_string:
>
> static char cltrack_prog[PATH_MAX] = "/sbin/nfsdcltrack";
> module_param_string(cltrack_prog, cltrack_prog, sizeof(cltrack_prog),
> S_IRUGO|S_IWUSR);
> MODULE_PARM_DESC(cltrack_prog, "Path to the nfsdcltrack upcall
> program");
>
> Maybe we should consider deprecating that module parameter and make it
> const as well? I added it when I first developed that code, but I doubt
> anyone legitimately sets it.
That's fine with me, but was outside of the scope of this patch, I was
not trying to change any existing functionality :)
thanks,
greg k-h
next prev parent reply other threads:[~2017-01-17 16:12 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-16 16:49 [kernel-hardening] [PATCH 0/4] make call_usermodehelper a bit more "safe" Greg KH
2017-01-16 16:49 ` Greg KH
2017-01-16 16:50 ` [kernel-hardening] [PATCH 1/3] kmod: make usermodehelper path a const string Greg KH
2017-01-16 16:50 ` Greg KH
2017-01-16 16:50 ` [kernel-hardening] [PATCH 2/3] Make static usermode helper binaries constant Greg KH
2017-01-16 16:50 ` Greg KH
2017-01-16 21:25 ` [kernel-hardening] " J. Bruce Fields
2017-01-16 21:25 ` J. Bruce Fields
2017-01-17 7:13 ` [kernel-hardening] " Greg KH
2017-01-17 7:13 ` Greg KH
2017-01-17 15:19 ` [kernel-hardening] " J. Bruce Fields
2017-01-17 15:19 ` J. Bruce Fields
2017-01-17 15:29 ` [kernel-hardening] " Greg KH
2017-01-17 15:29 ` Greg KH
2017-01-19 12:03 ` [kernel-hardening] " Greg KH
2017-01-19 16:27 ` J. Bruce Fields
2017-01-17 15:45 ` Jeff Layton
2017-01-17 15:45 ` Jeff Layton
2017-01-17 15:56 ` [kernel-hardening] " Greg KH
2017-01-17 15:56 ` Greg KH
2017-01-17 16:07 ` [kernel-hardening] " Jeff Layton
2017-01-17 16:07 ` Jeff Layton
2017-01-17 16:12 ` Greg KH [this message]
2017-01-17 16:12 ` Greg KH
2017-01-16 16:50 ` [kernel-hardening] [PATCH 3/3] Introduce STATIC_USERMODEHELPER to mediate call_usermodehelper() Greg KH
2017-01-16 16:50 ` Greg KH
2017-01-17 16:20 ` [kernel-hardening] " Jeff Layton
2017-01-17 16:20 ` Jeff Layton
2017-01-17 16:26 ` [kernel-hardening] " Greg KH
2017-01-17 16:26 ` Greg KH
2017-01-17 16:52 ` [kernel-hardening] " Jeff Layton
2017-01-17 16:52 ` Jeff Layton
2017-01-16 16:51 ` [kernel-hardening] Re: [PATCH 0/4] make call_usermodehelper a bit more "safe" Greg KH
2017-01-16 16:51 ` Greg KH
2017-01-17 17:23 ` [kernel-hardening] " Kees Cook
2017-01-17 17:23 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170117161227.GA12846@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=benh@kernel.crashing.org \
--cc=bfields@fieldses.org \
--cc=dhowells@redhat.com \
--cc=elder@kernel.org \
--cc=jlayton@poochiereds.net \
--cc=johan@kernel.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.com \
--cc=rafael.j.wysocki@intel.com \
--cc=t.sailer@alumni.ethz.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.