From: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
To: Theodore Ts'o <tytso@mit.edu>,
Seth Forshee <seth.forshee@canonical.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge.hallyn@canonical.com>,
Richard Weinberger <richard.weinberger@gmail.com>,
Austin S Hemmelgarn <ahferroin7@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-bcache@vger.kernel.org, dm-devel@redhat.com,
linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
fuse-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
Date: Fri, 4 Dec 2015 17:43:49 -0600 [thread overview]
Message-ID: <20151204234348.GA6908@mail.hallyn.com> (raw)
In-Reply-To: <20151204231152.GE18359@thunk.org>
On Fri, Dec 04, 2015 at 06:11:52PM -0500, Theodore Ts'o wrote:
> On Fri, Dec 04, 2015 at 02:45:32PM -0600, Seth Forshee wrote:
> > On Fri, Dec 04, 2015 at 02:07:36PM -0600, Serge E. Hallyn wrote:
> > > Heh, I was looking over http://www.gossamer-threads.com/lists/linux/kernel/103611
> > > a little while ago :) The same question was asked 16 years ago. Apparently
> > > the answer then was that it was easier than fixing the code.
> >
> > So it seems then that either it still isn't safe and so unprivileged
> > users shouldn't be allowed to do it at all, or else it's safe and we
> > should drop the requirement completely. I can't say which is right,
> > unfortunately.
>
> It may not have been safe 16 years agoo, but giving invalid arguments
> to FIBMAP is safe for ext4 and ext2. This is the sort of thing that
> tools like trinity should and does test for, so I think it should be
> fine to remove the root check for FIBMAP.
Seth, can I tempt you into sending a standalone patch to remove that? :)
-serge
next prev parent reply other threads:[~2015-12-04 23:43 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-02 15:40 [PATCH 00/19] Support fuse mounts in user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-12-04 16:26 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Seth Forshee
2015-12-04 16:28 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 03/19] fs: Treat foreign mounts as nosuid Seth Forshee
2015-12-04 16:55 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 05/19] userns: Replace in_userns with current_in_userns Seth Forshee
2015-12-04 17:01 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-12-02 15:40 ` [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2015-12-04 16:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2015-12-04 16:49 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2015-12-04 17:27 ` Serge E. Hallyn
2015-12-04 17:46 ` Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2015-12-04 18:50 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
2015-12-04 19:00 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
2015-12-04 19:11 ` Serge E. Hallyn
2015-12-04 20:05 ` Theodore Ts'o
2015-12-04 20:07 ` Serge E. Hallyn
2015-12-04 20:45 ` Seth Forshee
2015-12-04 23:11 ` Theodore Ts'o
2015-12-04 23:43 ` Serge E. Hallyn [this message]
2015-12-05 6:15 ` Seth Forshee
2015-12-05 0:00 ` Andreas Dilger
2015-12-02 15:40 ` [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-04 20:36 ` Seth Forshee
2015-12-04 22:05 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 16/19] fuse: Add support for pid namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2015-12-04 15:38 ` Seth Forshee
2015-12-04 20:03 ` Serge E. Hallyn
2015-12-04 20:41 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2015-12-04 20:05 ` Serge E. Hallyn
2015-12-04 20:43 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 19/19] fuse: Allow user namespace mounts Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151204234348.GA6908@mail.hallyn.com \
--to=serge.hallyn@ubuntu.com \
--cc=ahferroin7@gmail.com \
--cc=dm-devel@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-bcache@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=richard.weinberger@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=serge@hallyn.com \
--cc=seth.forshee@canonical.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).