From: Pavel Machek <pavel@ucw.cz>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Jann Horn <jannh@google.com>, Richard Henderson <rth@twiddle.net>,
Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
Matt Turner <mattst88@gmail.com>,
linux-fsdevel@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>,
Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fs: don't let getdents return bogus names
Date: Sun, 29 Jul 2018 13:37:55 +0200 [thread overview]
Message-ID: <20180729113755.GB7333@amd> (raw)
In-Reply-To: <20180716195657.GO30522@ZenIV.linux.org.uk>
[-- Attachment #1: Type: text/plain, Size: 1069 bytes --]
On Mon 2018-07-16 20:56:57, Al Viro wrote:
> On Mon, Jul 16, 2018 at 09:48:43PM +0200, Jann Horn wrote:
> > When you e.g. run `find` on a directory for which getdents returns
> > "filenames" that contain slashes, `find` passes those "filenames" back to
> > the kernel, which then interprets them as paths. That could conceivably
> > cause userspace to do something bad when accessing something like an
> > untrusted USB stick, but I'm not aware of any specific example.
> >
> > Instead of returning bogus filenames to userspace, return -EUCLEAN.
>
> Because there's such a lot of userland code that expect and handles that
> error value...
>
> I'm not sure if this mitigation is actually better than "just return it
> as-is", TBH.
Well, userspace should handle errors.. it may not understand what this
particular error means, but that's still better than risking issues
with / in path....
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2018-07-29 11:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-16 19:48 [PATCH] fs: don't let getdents return bogus names Jann Horn
2018-07-16 19:56 ` Al Viro
2018-07-16 20:20 ` Jann Horn
2018-07-19 0:50 ` Dave Chinner
2018-07-29 11:37 ` Pavel Machek [this message]
2018-07-16 21:47 ` kbuild test robot
2018-07-16 21:47 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180729113755.GB7333@amd \
--to=pavel@ucw.cz \
--cc=adilger.kernel@dilger.ca \
--cc=ebiederm@xmission.com \
--cc=ink@jurassic.park.msu.ru \
--cc=jannh@google.com \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mattst88@gmail.com \
--cc=rth@twiddle.net \
--cc=tytso@mit.edu \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).