From: Andi Kleen <andi@firstfloor.org>
To: Steve French <smfrench@gmail.com>
Cc: simo <idra@samba.org>, Andi Kleen <andi@firstfloor.org>,
linux-kernel@vger.kernel.org, linux-cifs-client@lists.samba.org,
samba-technical@lists.samba.org
Subject: Re: [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS clientg
Date: Sat, 19 Jan 2008 23:30:29 +0100 [thread overview]
Message-ID: <20080119223029.GA5786@one.firstfloor.org> (raw)
In-Reply-To: <524f69650801191406j440e52afsb9b80efed4fa15da@mail.gmail.com>
On Sat, Jan 19, 2008 at 04:06:57PM -0600, Steve French wrote:
> The access denied message in the dmesg log reveals no more information
> than strace on stat of a local file does (which also returns access
You can't strace a process you don't own. And you might not be able
to access the directory below which the file is.
But there is no such access control on "dmesg". So if there is an
access error you leak the potentially protected information in
the file name
> denied and displays access denied), but I agree that logging on
> -EACCESS on lookup does clutter the log.
>
> I think it is ok to log a message on unexpected errors (for
> QueryPathInfo those would include anything other than ENOENT and
> EACCESS - Simo, can you think of others?) I don't mind ratelimiting
> logging on this clause (for errors other than ENOENT and EACCESS) but
> it would complicate the code for a case I have not seen in the wild.
>
> I prefer the following to remove the log cluttering on this case:
That would still be an information leak for other errors.
Logging the path would be only safe if you determine that the
file and all its parent directories were world read (and accessable)able,
but that would be probably difficult.
-Andi
next prev parent reply other threads:[~2008-01-19 22:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-19 4:55 [PATCH] Remove information leak in Linux CIFS client Andi Kleen
2008-01-19 8:18 ` [linux-cifs-client] " simo
2008-01-19 22:06 ` Steve French
2008-01-19 22:30 ` Andi Kleen [this message]
2008-01-19 22:55 ` [linux-cifs-client] [PATCH] Remove information leak in Linux CIFS clientg Steve French
2008-01-19 23:25 ` Andi Kleen
2008-01-20 0:32 ` Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080119223029.GA5786@one.firstfloor.org \
--to=andi@firstfloor.org \
--cc=idra@samba.org \
--cc=linux-cifs-client@lists.samba.org \
--cc=linux-kernel@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox