From: Djalal Harouni <tixxdz@opendz.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
tixxdz@gmail.com
Subject: Re: [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred
Date: Fri, 27 Sep 2013 09:34:35 +0100 [thread overview]
Message-ID: <20130927083435.GA2340@dztty> (raw)
In-Reply-To: <CA+55aFwhb8rFbd8xT0==+r_QV-m8ANm+0sFEqUfk9Qg4rYpm-w@mail.gmail.com>
On Wed, Sep 25, 2013 at 05:22:51PM -0700, Linus Torvalds wrote:
> On Wed, Sep 25, 2013 at 1:14 PM, Djalal Harouni <tixxdz@opendz.org> wrote:
> >
> > Therefor add the f_cred field to the seq_file struct and a helper
> > seq_f_cred() to return it.
>
> I hate how you've split up this patch from the next one that actually
> _initializes_ the new field.
>
> The two patches should have been one.
Ok, noted.
> I think the patch should also remove the 'user_ns' member, since it's
> now available as f_cred->user_ns.
>
> I also suspect that it would be better to just make the the new
> seq_file member point to the 'struct file' instead. Sure, it's an
> extra level of indirection, but the lifetime of f_cred is not as clear
> otherwise. You don't increment the reference count, which is correct
> *only* because 'seq_file' has the same lifetime as 'struct file', and
> thus the reference count from struct file for the f_cred is
> sufficient.
Yes.
For the seq_file struct, yes we can make it point to the 'struct file'.
Or, I've also found other ways, perhaps they will make Al happy, one of
them is to use the 'struct file' as you point, but in an other way, or
change the file_operations of these sensitive files.
Please Linus see my next response to Al, thanks
> [ Time passes, I look over the other patches ]
>
> Oh, and I note that you remove user_ns in patch 12. Again, I think
> that's just splitting things up too much. It actually gets harder to
> see what happens when you do this.
Ok, will improve it.
Will also wait to see what others think, then resend as a V2
Thanks.
>
> Linus
--
Djalal Harouni
http://opendz.org
next prev parent reply other threads:[~2013-09-27 8:34 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-25 20:14 [PATCH 0/12] procfs: protect /proc/<pid>/* files with file->f_cred Djalal Harouni
2013-09-25 20:14 ` [PATCH 01/12] procfs: add proc_same_open_cred() to check if the cred have changed Djalal Harouni
2013-09-25 20:14 ` [PATCH 02/12] procfs: add proc_allow_access() to check if file's opener may access task Djalal Harouni
2013-09-25 20:14 ` [PATCH 03/12] procfs: Document the proposed solution to protect procfs entries Djalal Harouni
2013-09-25 20:14 ` [PATCH 04/12] seq_file: Make seq_file able to access the file's opener cred Djalal Harouni
2013-09-26 0:22 ` Linus Torvalds
2013-09-26 3:02 ` Al Viro
2013-09-27 8:37 ` Djalal Harouni
2013-09-28 14:57 ` Djalal Harouni
2013-09-27 8:34 ` Djalal Harouni [this message]
2013-09-26 2:42 ` Al Viro
2013-09-25 20:14 ` [PATCH 05/12] seq_file: set the seq_file->f_cred during seq_open() Djalal Harouni
2013-09-25 20:14 ` [PATCH 06/12] procfs: make /proc/*/stack 0400 Djalal Harouni
2013-09-26 20:43 ` Kees Cook
2013-09-28 14:35 ` Djalal Harouni
2013-10-02 19:52 ` Kees Cook
2013-09-29 10:37 ` Djalal Harouni
2013-10-02 19:49 ` Kees Cook
2013-09-25 20:14 ` [PATCH 07/12] procfs: add permission checks on the file's opener of /proc/*/stack Djalal Harouni
2013-09-25 20:14 ` [PATCH 08/12] procfs: add permission checks on the file's opener of /proc/*/personality Djalal Harouni
2013-09-25 20:14 ` [PATCH 09/12] procfs: add permission checks on the file's opener of /proc/*/stat Djalal Harouni
2013-09-25 20:14 ` [PATCH 10/12] procfs: move PROC_BLOCK_SIZE declaration up to make it visible Djalal Harouni
2013-09-25 20:14 ` [PATCH 11/12] procfs: improve permission checks on /proc/*/syscall Djalal Harouni
2013-09-25 20:14 ` [PATCH 12/12] user_ns: seq_file: use the user_ns that is embedded in the f_cred struct Djalal Harouni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130927083435.GA2340@dztty \
--to=tixxdz@opendz.org \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=gorcunov@openvz.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=serge.hallyn@ubuntu.com \
--cc=tixxdz@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).