From: Serge Hallyn <serge.hallyn@ubuntu.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Serge Hallyn <serge.hallyn@canonical.com>,
linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
"David P. Quigley" <dpquigl@tycho.nsa.gov>,
Steve Dickson <SteveD@redhat.com>
Subject: Re: [PATCH] security: cap_inode_getsecctx returning garbage
Date: Thu, 9 May 2013 10:13:33 -0500 [thread overview]
Message-ID: <20130509151333.GA2211@tp> (raw)
In-Reply-To: <20130509140820.GB9316@fieldses.org>
Quoting J. Bruce Fields (bfields@fieldses.org):
> On Thu, May 09, 2013 at 12:49:26AM -0500, Serge Hallyn wrote:
> > Quoting J. Bruce Fields (bfields@fieldses.org):
> > > From: "J. Bruce Fields" <bfields@redhat.com>
> > >
> > > We shouldn't be returning success from this function without also
> > > filling in the return values ctx and ctxlen.
> > >
> > > Note currently this doesn't appear to cause bugs since the only
> > > inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls
> > > this if security_inode_setsecurity succeeds. Assuming
> > > security_inode_setsecurity is set to cap_inode_setsecurity whenever
> > > inode_getsecctx is set to cap_inode_getsecctx, this function can never
> > > actually called.
> > >
> > > So I noticed this only because the server labeled NFS patches add a real
> > > caller.
> > >
> > > Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> >
> > Thanks, the comment in include/linux/security.h doesn't mention the
> > return value at all, but based on the other implementations this looks
> > right.
> >
> > Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
>
> Thanks! Hm, would something like this help clarify?:
>
> @@ -1412,7 +1412,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
> * @ctxlen contains the length of @ctx.
> *
> * @inode_getsecctx:
> - * Returns a string containing all relevant security context information
> + * On success, fills out @ctx and @ctxlen with the security context
> + * for the given @inode.
... and returns 0.
That would be great, thanks!
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
> *
> * @inode we wish to get the security context of.
> * @ctx is a pointer in which to place the allocated security context.
>
> --b.
next prev parent reply other threads:[~2013-05-09 15:13 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-09 1:43 [PATCH] security: cap_inode_getsecctx returning garbage J. Bruce Fields
2013-05-09 5:49 ` Serge Hallyn
2013-05-09 14:08 ` J. Bruce Fields
2013-05-09 15:13 ` Serge Hallyn [this message]
2013-05-09 15:41 ` [PATCH] security: clarify cap_inode_getsecctx description J. Bruce Fields
2013-05-12 11:37 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130509151333.GA2211@tp \
--to=serge.hallyn@ubuntu.com \
--cc=SteveD@redhat.com \
--cc=bfields@fieldses.org \
--cc=dpquigl@tycho.nsa.gov \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge.hallyn@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox