Re: [PATCH] procfs: make /proc style symlinks behave like "normal" symlinks


 



Jeff Layton <jlayton@xxxxxxxxxx> writes:

> On Thu, 19 Nov 2009 09:07:16 -0800
> ebiederm@xxxxxxxxxxxx (Eric W. Biederman) wrote:
>
>> 
>> Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>> 
>> This is broken.  If the referenced file is in a different mount namespace
>> the path returned could point to a completely different path in your
>> own mount namespace.  Even in your own mount namespace this makes the
>> proc symlinks racy and not guaranteed to return the file of interest.
>> 
>> I don't see any hope of this approach ever working.
>> 
>> Eric
>> 
>
> Then is proc_pid_readlink broken in the same way?

proc_pid_readlink has the same deficiencies.  The race is fundamental
to all readlink operations, the difference is that for normal symlinks
it is a don't care, and for proc it is incorrect behavior if you follow
the symlink to the wrong file.   If you are dealing with a file in a
different namespace or a socket what you get back doesn't actually
work as a file in your local namespace but that is the best we can do
with a pathname, and if you know the context of what is going on readlink
is still useful.

Adding all of the shortcomings to followlink that readlink has is a problem,
especially as followlink does much better now.

At a practical level I think your changes are much easier to exploit than
Pavel's contrived example.

I really don't have any problems with your first patch to proc to add the
missing revalidate.

Eric
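
The readlink/followlink difference described in the message above, as an added userspace example that is not part of the original mail or of the patch under discussion. It assumes Linux with /proc mounted and a writable /tmp; `same_file` and `proc_link_demo` are hypothetical names.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if `path` opens the same inode as `fd`, 0 if a different one, -1 on error. */
static int same_file(int fd, const char *path)
{
    struct stat want, got;
    int fd2 = open(path, O_RDONLY);
    if (fd2 < 0) return -1;
    int rc = (fstat(fd, &want) || fstat(fd2, &got)) ? -1
           : (want.st_dev == got.st_dev && want.st_ino == got.st_ino);
    close(fd2);
    return rc;
}

/* Bit 0: the readlink()ed pathname still reached the original file.
 * Bit 1: following the /proc link reached it. Returns -1 on setup failure. */
int proc_link_demo(void)
{
    char dir[] = "/tmp/proclinkXXXXXX", a[64], b[64], link[64], text[PATH_MAX];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    int fd = open(a, O_CREAT | O_RDWR, 0600);          /* the file of interest */
    if (fd < 0) return -1;
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, text, sizeof text - 1); /* snapshot of the name */
    if (n < 0) return -1;
    text[n] = '\0';
    /* Between readlink and use, the name gets rebound to a different file. */
    if (rename(a, b) != 0) return -1;
    int other = open(a, O_CREAT | O_RDWR, 0600);
    if (other < 0) return -1;
    int by_text = same_file(fd, text);    /* pathname now names the new file */
    int by_follow = same_file(fd, link);  /* link resolves to the open file */
    close(other); close(fd);
    unlink(a); unlink(b); rmdir(dir);
    if (by_text < 0 || by_follow < 0) return -1;
    return by_text | (by_follow << 1);
}

int main(void) { printf("result=%d\n", proc_link_demo()); return 0; }
```

A result of 2 means the pathname text led to the wrong file while following the link still reached the file that was opened.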