From: Eric Biggers <ebiggers3@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
viro@zeniv.linux.org.uk, linux-api@vger.kernel.org,
linux-fsdevel@vger.kernel.org, torvalds@linux-foundation.org,
linux-kernel@vger.kernel.org, jannh@google.com
Subject: Re: [PATCH 24/32] vfs: syscall: Add fsopen() to prepare for superblock creation [ver #9]
Date: Wed, 11 Jul 2018 09:38:35 -0700 [thread overview]
Message-ID: <20180711163835.GB27454@gmail.com> (raw)
In-Reply-To: <22370.1531293761@warthog.procyon.org.uk>
On Wed, Jul 11, 2018 at 08:22:41AM +0100, David Howells wrote:
> Andy Lutomirski <luto@amacapital.net> wrote:
>
> > > sfd = fsopen("ext4", FSOPEN_CLOEXEC);
> > > write(sfd, "s /dev/sdb1"); // note I'm ignoring write's length arg
> >
> > Imagine some malicious program passes sfd as stdout to a setuid
> > program. That program gets persuaded to write "s /etc/shadow". What
> > happens? You’re okay as long as *every single fs* gets it right, but that’s
> > asking a lot.
>
> Do note that you must already have CAP_SYS_ADMIN to be able to call fsopen().
>
> David
Not really, by default an unprivileged user can still do:
unshare(CLONE_NEWUSER|CLONE_NEWNS);
syscall(__NR_fsopen, "ext4", 0);
- Eric
next prev parent reply other threads:[~2018-07-11 16:38 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-10 22:41 [PATCH 00/32] VFS: Introduce filesystem context [ver #9] David Howells
2018-07-10 22:41 ` [PATCH 01/32] vfs: syscall: Add open_tree(2) to reference or clone a mount " David Howells
2018-07-10 22:52 ` [MANPAGE PATCH] Add manpages for move_mount(2) and open_tree(2) David Howells
2019-10-09 9:51 ` Michael Kerrisk (man-pages)
2018-07-10 22:41 ` [PATCH 02/32] vfs: syscall: Add move_mount(2) to move mounts around [ver #9] David Howells
2018-07-10 22:41 ` [PATCH 03/32] teach move_mount(2) to work with OPEN_TREE_CLONE " David Howells
2018-07-10 22:41 ` [PATCH 04/32] vfs: Suppress MS_* flag defs within the kernel unless explicitly enabled " David Howells
2018-07-10 22:42 ` [PATCH 05/32] vfs: Introduce the basic header for the new mount API's filesystem context " David Howells
2018-07-10 22:42 ` [PATCH 06/32] vfs: Add LSM hooks for the new mount API " David Howells
2018-07-10 22:42 ` [PATCH 07/32] selinux: Implement the new mount API LSM hooks " David Howells
2018-07-11 14:08 ` Stephen Smalley
2018-07-10 22:42 ` [PATCH 08/32] smack: Implement filesystem context security " David Howells
2018-07-10 23:13 ` Casey Schaufler
2018-07-10 23:19 ` David Howells
2018-07-10 23:28 ` Casey Schaufler
2018-07-10 22:42 ` [PATCH 09/32] apparmor: Implement security hooks for the new mount API " David Howells
2018-07-10 22:42 ` [PATCH 10/32] tomoyo: " David Howells
2018-07-10 23:34 ` Tetsuo Handa
2018-07-10 22:42 ` [PATCH 11/32] vfs: Require specification of size of mount data for internal mounts " David Howells
2018-07-10 22:51 ` Linus Torvalds
2018-07-10 22:42 ` [PATCH 12/32] vfs: Separate changing mount flags full remount " David Howells
2018-07-10 22:42 ` [PATCH 13/32] vfs: Implement a filesystem superblock creation/configuration context " David Howells
2018-07-10 22:43 ` [PATCH 14/32] vfs: Remove unused code after filesystem context changes " David Howells
2018-07-10 22:43 ` [PATCH 15/32] procfs: Move proc_fill_super() to fs/proc/root.c " David Howells
2018-07-10 22:43 ` [PATCH 16/32] proc: Add fs_context support to procfs " David Howells
2018-07-10 22:43 ` [PATCH 17/32] ipc: Convert mqueue fs to fs_context " David Howells
2018-07-10 22:43 ` [PATCH 18/32] cpuset: Use " David Howells
2018-07-10 22:43 ` [PATCH 19/32] kernfs, sysfs, cgroup, intel_rdt: Support " David Howells
2018-07-10 22:43 ` [PATCH 20/32] hugetlbfs: Convert to " David Howells
2018-07-10 22:43 ` [PATCH 21/32] vfs: Remove kern_mount_data() " David Howells
2018-07-10 22:43 ` [PATCH 22/32] vfs: Provide documentation for new mount API " David Howells
2018-07-13 1:37 ` Randy Dunlap
2018-07-13 9:45 ` David Howells
2018-07-10 22:44 ` [PATCH 23/32] Make anon_inodes unconditional " David Howells
2018-07-10 22:44 ` [PATCH 24/32] vfs: syscall: Add fsopen() to prepare for superblock creation " David Howells
2018-07-10 22:54 ` [MANPAGE PATCH] Add manpage for fsopen(2), fspick(2) and fsmount(2) David Howells
2019-10-09 9:52 ` Michael Kerrisk (man-pages)
2018-07-10 23:59 ` [PATCH 24/32] vfs: syscall: Add fsopen() to prepare for superblock creation [ver #9] Andy Lutomirski
2018-07-11 1:05 ` Linus Torvalds
2018-07-11 1:15 ` Al Viro
2018-07-11 1:33 ` Andy Lutomirski
2018-07-11 8:43 ` David Howells
2018-07-11 1:48 ` Linus Torvalds
2018-07-11 8:42 ` David Howells
2018-07-11 16:03 ` Linus Torvalds
2018-07-11 1:14 ` Jann Horn
2018-07-11 1:16 ` Al Viro
2018-07-11 7:22 ` David Howells
2018-07-11 16:38 ` Eric Biggers [this message]
2018-07-11 17:06 ` Andy Lutomirski
2018-07-12 14:54 ` David Howells
2018-07-12 15:50 ` Linus Torvalds
2018-07-12 16:00 ` Al Viro
2018-07-12 16:07 ` Linus Torvalds
2018-07-12 16:31 ` Al Viro
2018-07-12 16:39 ` Linus Torvalds
2018-07-12 17:14 ` Linus Torvalds
2018-07-12 17:44 ` Al Viro
2018-07-12 17:54 ` Linus Torvalds
2018-07-12 17:52 ` Al Viro
2018-07-12 20:23 ` David Howells
2018-07-12 20:25 ` Andy Lutomirski
2018-07-12 20:34 ` Linus Torvalds
2018-07-12 20:36 ` Linus Torvalds
2018-07-12 21:26 ` David Howells
2018-07-12 21:40 ` Linus Torvalds
2018-07-12 22:32 ` Theodore Y. Ts'o
2018-07-12 22:54 ` David Howells
2018-07-12 23:21 ` Andy Lutomirski
2018-07-12 23:35 ` David Howells
2018-07-12 23:50 ` Andy Lutomirski
2018-07-13 0:03 ` David Howells
2018-07-13 0:24 ` Andy Lutomirski
2018-07-13 7:30 ` David Howells
2018-07-19 1:30 ` Eric W. Biederman
2018-07-12 23:23 ` Jann Horn
2018-07-12 23:33 ` Jann Horn
2018-07-13 2:35 ` Theodore Y. Ts'o
2018-07-12 16:23 ` Andy Lutomirski
2018-07-12 16:31 ` Linus Torvalds
2018-07-12 16:41 ` Al Viro
2018-07-12 16:58 ` Al Viro
2018-07-12 17:54 ` Andy Lutomirski
2018-07-12 21:00 ` David Howells
2018-07-12 21:29 ` Linus Torvalds
2018-07-13 13:27 ` David Howells
2018-07-13 15:01 ` Andy Lutomirski
2018-07-13 15:40 ` David Howells
2018-07-13 17:14 ` Andy Lutomirski
2018-07-17 9:40 ` David Howells
2018-07-11 15:51 ` Jonathan Corbet
2018-07-11 16:18 ` David Howells
2018-07-12 17:15 ` Greg KH
2018-07-12 17:20 ` Al Viro
2018-07-12 18:03 ` Greg KH
2018-07-12 18:30 ` Andy Lutomirski
2018-07-12 18:34 ` Al Viro
2018-07-12 18:35 ` Al Viro
2018-07-12 19:08 ` Greg KH
2018-07-10 22:44 ` [PATCH 25/32] vfs: syscall: Add fsmount() to create a mount for a superblock " David Howells
2018-07-10 22:44 ` [PATCH 26/32] vfs: syscall: Add fspick() to select a superblock for reconfiguration " David Howells
2018-07-10 22:44 ` [PATCH 27/32] vfs: Implement logging through fs_context " David Howells
2018-07-10 22:44 ` [PATCH 28/32] vfs: Add some logging to the core users of the fs_context log " David Howells
2018-07-10 22:44 ` [PATCH 29/32] afs: Add fs_context support " David Howells
2018-07-10 22:44 ` [PATCH 30/32] afs: Use fs_context to pass parameters over automount " David Howells
2018-07-10 22:44 ` [PATCH 31/32] vfs: syscall: Add fsinfo() to query filesystem information " David Howells
2018-07-10 22:55 ` [MANPAGE PATCH] Add manpage for fsinfo(2) David Howells
2019-10-09 9:52 ` Michael Kerrisk (man-pages)
2019-10-09 12:02 ` David Howells
2018-07-10 22:45 ` [PATCH 32/32] afs: Add fsinfo support [ver #9] David Howells
2018-07-10 23:01 ` [PATCH 00/32] VFS: Introduce filesystem context " Linus Torvalds
2018-07-12 0:46 ` David Howells
2018-07-18 21:29 ` Getting rid of the usage of write() -- was " David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180711163835.GB27454@gmail.com \
--to=ebiggers3@gmail.com \
--cc=dhowells@redhat.com \
--cc=jannh@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox