From: Casey Schaufler <casey@schaufler-ca.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: viro@ZenIV.linux.org.uk, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, hch@infradead.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
apw@canonical.com, nbd@openwrt.org, neilb@suse.de,
hramrach@centrum.cz, jordipujolp@gmail.com,
ezk@fsl.cs.sunysb.edu, ricwheeler@gmail.com, dhowells@redhat.com,
hpj@urpla.net, sedat.dilek@googlemail.com, penberg@kernel.org,
goran.cetusic@gmail.com, romain@orebokech.com, mszeredi@suse.cz,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 12/13] ovl: switch to __inode_permission()
Date: Wed, 15 Aug 2012 09:59:51 -0700 [thread overview]
Message-ID: <502BD587.6090807@schaufler-ca.com> (raw)
In-Reply-To: <1345045700-9062-13-git-send-email-miklos@szeredi.hu>
On 8/15/2012 8:48 AM, Miklos Szeredi wrote:
> From: Andy Whitcroft <apw@canonical.com>
>
> When checking permissions on an overlayfs inode we do not take into
> account either device cgroup restrictions nor security permissions.
> This allows a user to mount an overlayfs layer over a restricted device
> directory and by pass those permissions to open otherwise restricted
> files.
Why is this a good idea? Either you're not including enough context
about the conditions under which this can occur, or you're suggesting
the introduction of a trivial mechanism for bypassing all file access
controls. This does not seem right.
>
> Switch over to __inode_permissions.
>
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> ---
> fs/overlayfs/inode.c | 12 +-----------
> 1 files changed, 1 insertions(+), 11 deletions(-)
>
> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
> index e854720..f3a534f 100644
> --- a/fs/overlayfs/inode.c
> +++ b/fs/overlayfs/inode.c
> @@ -100,19 +100,9 @@ int ovl_permission(struct inode *inode, int mask)
> if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
> (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
> goto out_dput;
> -
> - /*
> - * Nobody gets write access to an immutable file.
> - */
> - err = -EACCES;
> - if (IS_IMMUTABLE(realinode))
> - goto out_dput;
> }
>
> - if (realinode->i_op->permission)
> - err = realinode->i_op->permission(realinode, mask);
> - else
> - err = generic_permission(realinode, mask);
> + err = __inode_permission(realinode, mask);
> out_dput:
> dput(alias);
> return err;
next prev parent reply other threads:[~2012-08-15 16:59 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-15 15:48 [PATCH 00/13] overlay filesystem: request for inclusion (v14) Miklos Szeredi
2012-08-15 15:48 ` [PATCH 01/13] vfs: add i_op->open() Miklos Szeredi
2012-08-15 17:21 ` J. Bruce Fields
2012-08-15 20:28 ` NeilBrown
2012-08-16 10:10 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 02/13] vfs: export do_splice_direct() to modules Miklos Szeredi
2012-08-15 15:48 ` [PATCH 03/13] vfs: introduce clone_private_mount() Miklos Szeredi
2012-08-15 15:48 ` [PATCH 04/13] overlay filesystem Miklos Szeredi
2012-08-16 6:24 ` Eric W. Biederman
2012-08-16 10:25 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 05/13] overlayfs: add statfs support Miklos Szeredi
2012-08-17 18:20 ` Ben Hutchings
2012-08-29 22:48 ` Miklos Szeredi
2012-08-30 5:54 ` Ben Hutchings
2012-08-31 12:47 ` J. R. Okajima
2012-08-15 15:48 ` [PATCH 06/13] overlayfs: implement show_options Miklos Szeredi
2012-08-15 15:48 ` [PATCH 07/13] overlay: overlay filesystem documentation Miklos Szeredi
2012-08-15 19:53 ` J. Bruce Fields
2012-08-16 10:09 ` Miklos Szeredi
2012-09-10 1:47 ` Jan Engelhardt
2012-09-10 3:18 ` NeilBrown
2012-08-15 15:48 ` [PATCH 08/13] fs: limit filesystem stacking depth Miklos Szeredi
2012-08-16 8:02 ` Sedat Dilek
2012-08-16 8:30 ` Sedat Dilek
2012-08-16 10:42 ` Miklos Szeredi
2012-08-16 13:24 ` Sedat Dilek
2012-09-03 15:05 ` Miklos Szeredi
2012-08-15 15:48 ` [PATCH 09/13] overlayfs: fix possible leak in ovl_new_inode Miklos Szeredi
2012-08-15 15:48 ` [PATCH 10/13] overlayfs: create new inode in ovl_link Miklos Szeredi
2012-08-15 15:48 ` [PATCH 11/13] vfs: export __inode_permission() to modules Miklos Szeredi
2012-08-15 17:17 ` Sedat Dilek
2012-08-15 15:48 ` [PATCH 12/13] ovl: switch to __inode_permission() Miklos Szeredi
2012-08-15 16:59 ` Casey Schaufler [this message]
2012-08-15 17:07 ` Andy Whitcroft
2012-08-15 17:34 ` Casey Schaufler
2012-08-15 15:48 ` [PATCH 13/13] overlayfs: copy up i_uid/i_gid from the underlying inode Miklos Szeredi
2012-08-15 17:14 ` [PATCH 00/13] overlay filesystem: request for inclusion (v14) Sedat Dilek
-- strict thread matches above, loose matches on Subject: below --
2012-09-20 18:55 [PATCH 00/13] overlay filesystem: request for inclusion (v15) Miklos Szeredi
2012-09-20 18:55 ` [PATCH 12/13] ovl: switch to __inode_permission() Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=502BD587.6090807@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=akpm@linux-foundation.org \
--cc=apw@canonical.com \
--cc=dhowells@redhat.com \
--cc=ezk@fsl.cs.sunysb.edu \
--cc=goran.cetusic@gmail.com \
--cc=hch@infradead.org \
--cc=hpj@urpla.net \
--cc=hramrach@centrum.cz \
--cc=jordipujolp@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mszeredi@suse.cz \
--cc=nbd@openwrt.org \
--cc=neilb@suse.de \
--cc=penberg@kernel.org \
--cc=ricwheeler@gmail.com \
--cc=romain@orebokech.com \
--cc=sedat.dilek@googlemail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.