On Saturday, November 02, 2013 01:07:59 Tetsuo Handa wrote:
> Jim Lieb wrote:
> > On Friday, November 01, 2013 22:24:12 Tetsuo Handa wrote:
> > > Jim Lieb wrote:
> > > > Subsequent uses look like:
> > > > use_creds(cached fd);
> > > >
> > > > followed by
> > > >
> > > > open/creat/mknod/write
> > > >
> > > > followed by
> > > >
> > > > use_creds(-1);
> > >
> > > Are you aware that calling commit_creds() is prohibited between
> > > override_creds() and revert_creds() ?
> > >
> > > If the caller does some operation that calls commit_creds() (like
> > > example below), the kernel triggers BUG().
> >
> > Yes, I do. I caught this in an early pass. I only use override_creds()
> > and revert_creds().
>
> Excuse me, but even below example will trigger BUG(). You pack
> override_creds() + open() + revert_creds() into one system call so that the
> caller of this system call shall not do something that calls commit_creds()
> ?

Ok, I see your point here. If I do a switch_creds and the userland does
something like seteuid before I do the revert, we are toast. Correct? This is
an issue. Thanks for pointing this out. It is certainly not in my use case
but that doesn't mean someone else won't try it. I have some more work to do.

>
> ---------- example module start ----------
> #include <linux/module.h>
> #include <linux/cred.h>
> #include <linux/fs.h>
> #include <linux/file.h>
>
> static int __init test_init(void)
> {
>         const struct cred *orig;
>         { /* switch_cred() syscall */
>                 struct fd f = fdget(0);
>                 if (!f.file)
>                         return -EBADF;
>                 orig = override_creds(f.file->f_cred);
>                 fdput(f);
>         }
>         { /* something that calls commit_creds() */
>                 struct cred *cred = prepare_creds();
>                 if (cred)
>                         commit_creds(cred);
>         }
>         { /* restore */
>                 revert_creds(orig);
>         }
>         return 0;
> }
>
> static void test_exit(void)
> {
> }
>
> module_init(test_init);
> module_exit(test_exit);
> MODULE_LICENSE("GPL");
> ---------- example module end ----------

--
Jim Lieb
Linux Systems Engineer
Panasas Inc.
"If ease of use was the only requirement, we would all be riding tricycles"
- Douglas Engelbart 1925–2013
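
The failure discussed in this thread, as a user-space model added here (not code from either poster or from the kernel tree): override_creds() changes only the task's subjective `cred` pointer, while commit_creds() asserts with BUG_ON() that `cred` still equals `real_cred`. The model returns -1 where the kernel would BUG(); `struct task`, `replay()` and the uid values are constructed for illustration.

```c
/* Added example: user-space model of the kernel/cred.c rule, not kernel code. */
#include <stdio.h>

struct cred { unsigned int euid; };
struct task {
    const struct cred *real_cred; /* objective creds */
    const struct cred *cred;      /* subjective creds, used for access checks */
};

/* Swap only the subjective creds; the caller must revert later. */
static const struct cred *override_creds(struct task *t, const struct cred *new)
{
    const struct cred *old = t->cred;
    t->cred = new;
    return old;
}

static void revert_creds(struct task *t, const struct cred *old) { t->cred = old; }

/* The kernel does BUG_ON(task->cred != task->real_cred) at this point;
 * the model returns -1 instead of crashing. */
static int commit_creds(struct task *t, const struct cred *new)
{
    if (t->cred != t->real_cred)
        return -1;
    t->real_cred = new;
    t->cred = new;
    return 0;
}

/* Replay the thread's sequence; the commit stands in for seteuid(). */
static int replay(int commit_while_overridden)
{
    struct cred own = { 1000 }, cached = { 0 }, updated = { 1001 }; /* constructed */
    struct task t = { &own, &own };
    const struct cred *orig = override_creds(&t, &cached);
    int rc;
    if (!commit_while_overridden)
        revert_creds(&t, orig);
    rc = commit_creds(&t, &updated);
    if (commit_while_overridden)
        revert_creds(&t, orig);
    return rc;
}

int main(void)
{
    printf("inside override: %d, after revert: %d\n", replay(1), replay(0));
    return 0;
}
```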