From: Matthew Wilcox <willy@infradead.org>
To: Linus Torvalds <torvalds@linuxfoundation.org>
Cc: ansgar.loesser@kom.tu-darmstadt.de,
"Darrick J. Wong" <djwong@kernel.org>,
"Christoph Hellwig" <hch@lst.de>,
"Amir Goldstein" <amir73il@gmail.com>,
"Mark Fasheh" <mark@fasheh.com>,
"Josef Bacik" <josef@toxicpanda.com>,
"Miklos Szeredi" <mszeredi@redhat.com>,
"Al Viro" <viro@zeniv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
"Security Officers" <security@kernel.org>,
"Max Schlecht" <max.schlecht@informatik.hu-berlin.de>,
"Björn Scheuermann" <scheuermann@kom.tu-darmstadt.de>
Subject: Re: Information Leak: FIDEDUPERANGE ioctl allows reading writeonly files
Date: Tue, 12 Jul 2022 19:43:35 +0100
Message-ID: <Ys3A16T3hwe9M+T2@casper.infradead.org>
In-Reply-To: <CAHk-=wjrOgiWfN2uWf8Ajgr4SjeWMkEJ1Sd=H6pnS_JLjJwTcQ@mail.gmail.com>

On Tue, Jul 12, 2022 at 10:33:01AM -0700, Linus Torvalds wrote:
> [ Adding random people who get blamed for lines in this remap_range
> thing to the participants ]
>
> On Tue, Jul 12, 2022 at 5:11 AM Ansgar Lößer
> <ansgar.loesser@tu-darmstadt.de> wrote:
> >
> > using the deduplication API we found out, that the FIDEDUPERANGE ioctl
> > syscall can be used to read a writeonly file.
>
> So I think your patch is slightly wrong, but I think this is worth
> fixing - just likely differently.

I'm going to leave discussing the permissions aspect to the experts in
that realm, but from a practical point of view, why do we allow the dedupe
ioctl to investigate arbitrary byte ranges? If you're going to dedupe,
it has to be block aligned (both start and length). If we enforce that
in the ioctl, this attack becomes impractical (maybe you can investigate
512-byte blobs of an 8192-bit key, but we seem to max out at 4096-bit
keys before switching to a fundamentally harder algorithm).