[GIT PULL] nsfd fixes

[GIT PULL] nsfd fixes

[Eric W. Biederman]

Linus,

When looking over my namespace file descriptor code I realized I goofed
in the implementation.  I missed the addition of d_set_d_op, and
painfully I badly placed the ptrace_may_read permission checks with the
result that the dcache could cache things and bypass the checks.

The fixes are available at.
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd.git


Eric W. Biederman (2):
      proc: Use d_set_d_op in the namespace file descriptor code
      proc: Fix the proc access checks to namespace files.

 fs/proc/inode.c      |    6 +-
 fs/proc/namespaces.c |  160 +++++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 142 insertions(+), 24 deletions(-)


commit 7e05c935c50ab5c9ee488c411252076825ec2919
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Sat Jun 18 17:48:18 2011 -0700

    proc: Fix the proc access checks to namespace files.
    
    Access to namespace files needs to be restricted with
    ptrace_may_read in proc to avoid unecessary information leaks
    about processes and to avoid processes that could not otherwise
    extend the lifetime of a namespace from opening a namespace file
    and extending that lifetime.
    
    Add magic symlinks to the namespace files, so that we won't cache
    the dentries for the namespace files in a way that can bypass the
    ptrace_may_access checks.
    
    Remove the accident of the initial implementation that made
    namespace files depend on pids and tasks, and change the
    namespace files to be their own entities with their own dentry
    and inode operations. The new namespace dentry operations
    specify a policy of not caching namespace dentries when not in
    use.  Not caching unused namespace dentries makes it easy to
    verify the dcache won't keep namespaces alive longer than
    necessary.
    
    Change the owner of namespace files to root as derving the
    ownership of namespace files from a process is no longer possible
    as namespace files are no longer implemented as per process
    entities.  Namespace files being read only as root is safe and
    changes nothing in practice as the kernel interfaces that take
    namespace file descriptors require root capabilities.
    
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

commit b20c223833c931700f88ec53a54e2f95d0e01052
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Sat Jun 18 23:34:09 2011 -0700

    proc: Use d_set_d_op in the namespace file descriptor code
    
    Without this none of the pid_dentry_operations methods will
    be called and we can slowly leak namespace file descriptors.
    
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

Re: [GIT PULL] nsfd fixes

[Linus Torvalds]

On Tue, Jun 21, 2011 at 3:07 PM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
>
> When looking over my namespace file descriptor code I realized I goofed
> in the implementation.  I missed the addition of d_set_d_op, and
> painfully I badly placed the ptrace_may_read permission checks with the
> result that the dcache could cache things and bypass the checks.
>
> The fixes are available at.
> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd.git

Why do you talk about nfsd fixes in both the repository name and in
the subject line? This seems to have nothing to do with nfsd except in
the crazy sense of somebody trying to export /proc with nfs.

Not pulled due to extreme confusion and craziness.

                   Linus

Re: [GIT PULL] nsfd fixes

[Mike Snitzer]

On Tue, Jun 21, 2011 at 9:25 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Tue, Jun 21, 2011 at 3:07 PM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
>>
>> When looking over my namespace file descriptor code I realized I goofed
>> in the implementation.  I missed the addition of d_set_d_op, and
>> painfully I badly placed the ptrace_may_read permission checks with the
>> result that the dcache could cache things and bypass the checks.
>>
>> The fixes are available at.
>> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd.git
>
> Why do you talk about nfsd fixes in both the repository name and in
> the subject line? This seems to have nothing to do with nfsd except in
> the crazy sense of somebody trying to export /proc with nfs.
>
> Not pulled due to extreme confusion and craziness.

I had to read it a couple times too: nSFd not nFSd.

As in Name Space File Descriptors.

Re: [GIT PULL] nsfd fixes

[Linus Torvalds]

On Tue, Jun 21, 2011 at 6:29 PM, Mike Snitzer <snitzer@gmail.com> wrote:
>
> I had to read it a couple times too: nSFd not nFSd.
>
> As in Name Space File Descriptors.

Ok, that's just even crazier.

Eric, stop making up random letter combinations that make sense to
NOBODY but you. Ok?

If you can't be bothered to write a few more letters and make things
readable, why would you expect anybody else to bother spending the
time looking at your emails?

                       Linus