From: simo <idra@samba.org>
To: Andi Kleen <andi@firstfloor.org>
Cc: sfrench@samba.org, linux-kernel@vger.kernel.org,
linux-cifs-client@lists.samba.org,
samba-technical@lists.samba.org
Subject: Re: [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS client
Date: Sat, 19 Jan 2008 03:18:42 -0500
Message-ID: <1200730722.28706.70.camel@localhost.localdomain>
In-Reply-To: <20080119045552.GA11134@basil.nowhere.org>
On Sat, 2008-01-19 at 05:55 +0100, Andi Kleen wrote:
> Fix information leak in CIFS client lookup
>
> Putting arbitrary file names on lookup failures into the system log is not
> a good idea, because usually everybody can read dmesg and that is thus
> an information leak if a directory was read protected.
>
> Also changed the error printout for this case to a signed number, because
> it is normally negative and that makes it easier to read.
>
> I'm not sure the message is all that useful anyways. Perhaps it
> should be just removed completely? Or at least rate limited because
> it allows spamming the kernel log nicely.
>
> Signed-off-by: Andi Kleen <ak@suse.de>
>
> Index: linux/fs/cifs/dir.c
> ===================================================================
> --- linux.orig/fs/cifs/dir.c
> +++ linux/fs/cifs/dir.c
> @@ -518,7 +518,7 @@ cifs_lookup(struct inode *parent_dir_ino
> /* if it was once a directory (but how can we tell?) we could do
> shrink_dcache_parent(direntry); */
> } else {
> - cERROR(1, ("Error 0x%x on cifs_get_inode_info in lookup of %s",
> + cERROR(1, ("Error %d on cifs_get_inode_info in lookup of file",
> rc, full_path));
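Review bot: on the changed `cERROR` line the `%s` conversion is gone, but the continuation line still passes `full_path`, so the call carries an argument with no matching format specifier. It is ignored when the message is formatted, but it can draw a format warning and leaves a stale reference to the path in a logging call; end the argument list at `rc));`. The commit message also mentions log flooding, which this hunk does not address, so rate limiting or removing the message would need its own change.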
then please remove also full_path here ^^^^
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo@samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce@redhat.com>