Re: [PATCH 1/2] kernel/sys.c: return the current gid when error occurs

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Chen Gang <gang.chen@asianux.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Oleg Nesterov <oleg@redhat.com>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	Kees Cook <keescook@chromium.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	holt@sgi.com, Andrew Morton <akpm@linux-foundation.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/2] kernel/sys.c: return the current gid when error occurs
Date: Thu, 08 Aug 2013 09:30:11 +0800	[thread overview]
Message-ID: <5202F4A3.5070603@asianux.com> (raw)
In-Reply-To: <CALCETrVELXkdccJZQRsm_9mtXrD-8nW_sRW_p-SWNVsXcqX2Cg@mail.gmail.com>

On 08/08/2013 12:58 AM, Andy Lutomirski wrote:
> On Wed, Aug 7, 2013 at 9:21 AM, Oleg Nesterov <oleg@redhat.com> wrote:
>> On 08/06, Andy Lutomirski wrote:
>>>
>>> I assume that what the man page means is that the return value is
>>> whatever fsgid was prior to the call.  On error, fsgid isn't changed, so
>>> the return value is still "current".
>>
>> Probably... Still
>>
>>         On success, the previous value of fsuid is returned.
>>         On error, the current value of fsuid is returned.
>>
>> looks confusing. sys_setfsuid() always returns the old value.
>>
>>> (FWIW, this behavior is awful and is probably the cause of a security
>>> bug or three, since success and failure are indistinguishable.
>>
>> At least this all looks strange.
>>
>> I dunno if we can change this old behaviour. I won't be surprized
>> if someone already uses setfsuid(-1) as getfsuid().
> 

Oh, really it is.

Hmm... as a pair function, we need add getfsuid() too, if we do not add
it, it will make negative effect with setfsuid().

Since it is a system call, we have to keep compitable.

So in my opinion, better add getfsuid2()/setfsuid2() instead of current
setfsuid()

  for getfsuid2() can just reference to getuid() definition.
  for setfsuid2() can just reference to setuid() definition.
    (which can return error code when failure occurs).

If possible, I will/should sent the related patches for it.

> I suspect that changing this without introducing security or other
> bugs is impossible.  If someone wanted to add new_setfsuid that
> returned an error when it failed, that would be a different story.
> (I'm not going to do that myself.)
> 
>>
>> And perhaps the man page should be changed. Add Michael.
> 
> Agreed.  The text is a bit odd.
> 

I agree that the text is odd, since it is an system call API, we have
to change it to match our current kernel implementation which is:

  "for system call, whether succeed or not, it always return the previous value, the caller can not know whether succeed or not directly"
  "if the caller need know about success or not, the demo like below"
  "	setfsuid(new);"
  "	if (setfsuid(-1) != new)"
  "		/* report failure */" 

And better to give an additional comment:

  "currently, new system call getfsuid2()/setfsuid2() are supplied, setfsuid() is obseleted"

>>
>> Oleg.
>>
> 
> 
> 

Thanks.
-- 
Chen Gang

next prev parent reply	other threads:[~2013-08-08  1:31 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-06  8:00 [PATCH 0/2] kernel/sys.c: for setfsgid(), return the current gid when error occurs Chen Gang
2013-08-06  8:01 ` [PATCH 1/2] kernel/sys.c: " Chen Gang
2013-08-06 20:21   ` Andy Lutomirski
2013-08-07  3:30     ` Chen Gang
2013-08-07 16:21     ` Oleg Nesterov
2013-08-07 16:58       ` Andy Lutomirski
2013-08-08  1:30         ` Chen Gang [this message]
2013-08-08  1:35           ` Andy Lutomirski
2013-08-08  1:48             ` Chen Gang
2013-08-08 13:52               ` Michael Kerrisk (man-pages)
2013-08-09  0:55                 ` Chen Gang
2013-08-08 13:37       ` Michael Kerrisk (man-pages)
2013-08-09  0:59         ` Chen Gang
2013-08-09  7:27           ` Michael Kerrisk (man-pages)
2013-08-06  8:02 ` [PATCH 2/2] kernel/sys.c: remove useless variable 'old_fsgid' for setfsgid() Chen Gang
2013-08-06  8:56   ` Chen Gang
2013-08-06  8:13 ` kernel/sys.c: for setfsuid(), return the current uid when error occurs Chen Gang
2013-08-06  8:14   ` Chen Gang
2013-08-06  8:15   ` [PATCH 0/2] " Chen Gang
2013-08-06  8:15     ` [PATCH 1/2] kernel/sys.c: " Chen Gang
2013-08-06  8:16     ` [PATCH 2/2] kernel/sys.c: remove useless variable 'old_fsuid' for setfsuid() Chen Gang
2013-08-06  8:55       ` Chen Gang
2013-08-06  8:43     ` [PATCH] kernel/sys.c: improve the usage of return value Chen Gang
2013-08-07 10:44       ` Chen Gang
2013-08-06 18:36 ` [PATCH 0/2] kernel/sys.c: for setfsgid(), return the current gid when error occurs Kees Cook
2013-08-07  2:25   ` Chen Gang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5202F4A3.5070603@asianux.com \
    --to=gang.chen@asianux.com \
    --cc=akpm@linux-foundation.org \
    --cc=holt@sgi.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mtk.manpages@gmail.com \
    --cc=oleg@redhat.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox