From: David Howells <dhowells@redhat.com>
To: Marc Dionne <marc.dionne@auristor.com>
Cc: David Howells <dhowells@redhat.com>,
Christian Brauner <christian@brauner.io>,
linux-afs@lists.infradead.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/3] afs: Add rootcell checks
Date: Tue, 7 Jan 2025 18:34:50 +0000 [thread overview]
Message-ID: <20250107183454.608451-3-dhowells@redhat.com> (raw)
In-Reply-To: <20250107183454.608451-1-dhowells@redhat.com>
Add some checks for the validity of the cell name. It's may get put into a
symlink, so preclude it containing any slashes or "..". Also disallow
starting/ending with a dot. This makes /afs/@cell/ as a symlink less of a
security risk.
Also disallow multiple setting of /proc/net/afs/rootcell for any given
network namespace. Once set, the value may not be changed. This makes it
easier to only create /afs/@cell and /afs/.@cell if there's a rootcell.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
---
fs/afs/cell.c | 8 ++++++++
fs/afs/proc.c | 8 +++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/fs/afs/cell.c b/fs/afs/cell.c
index 1aba6d4d03a9..cee42646736c 100644
--- a/fs/afs/cell.c
+++ b/fs/afs/cell.c
@@ -367,6 +367,14 @@ int afs_cell_init(struct afs_net *net, const char *rootcell)
len = cp - rootcell;
}
+ if (len == 0 || !rootcell[0] || rootcell[0] == '.' || rootcell[len - 1] == '.')
+ return -EINVAL;
+ if (memchr(rootcell, '/', len))
+ return -EINVAL;
+ cp = strstr(rootcell, "..");
+ if (cp && cp < rootcell + len)
+ return -EINVAL;
+
/* allocate a cell record for the root cell */
new_root = afs_lookup_cell(net, rootcell, len, vllist, false);
if (IS_ERR(new_root)) {
diff --git a/fs/afs/proc.c b/fs/afs/proc.c
index 15eab053af6d..e7614f4f30c2 100644
--- a/fs/afs/proc.c
+++ b/fs/afs/proc.c
@@ -240,7 +240,13 @@ static int afs_proc_rootcell_write(struct file *file, char *buf, size_t size)
/* determine command to perform */
_debug("rootcell=%s", buf);
- ret = afs_cell_init(net, buf);
+ ret = -EEXIST;
+ inode_lock(file_inode(file));
+ if (!net->ws_cell)
+ ret = afs_cell_init(net, buf);
+ else
+ printk("busy\n");
+ inode_unlock(file_inode(file));
out:
_leave(" = %d", ret);
next prev parent reply other threads:[~2025-01-07 18:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-07 18:34 [PATCH v2 0/3] afs: Dynamic root improvements David Howells
2025-01-07 18:34 ` [PATCH v2 1/3] afs: Make /afs/.<cell> as well as /afs/<cell> mountpoints David Howells
2025-01-07 18:34 ` David Howells [this message]
2025-01-07 18:34 ` [PATCH v2 3/3] afs: Make /afs/@cell and /afs/.@cell symlinks David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250107183454.608451-3-dhowells@redhat.com \
--to=dhowells@redhat.com \
--cc=christian@brauner.io \
--cc=linux-afs@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.dionne@auristor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.