Re: [PATCH 0/5 v2 RESEND] fs: Fixes for removing xid bits and security labels

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue 05-05-15 09:13:10, Dave Chinner wrote:
> On Tue, Mar 03, 2015 at 11:38:34AM +0100, Jan Kara wrote:
> >   Hello,
> > 
> >   warning in XFS made me look into detail into how clearing of suid / sgid
> > bits and security labels is done. And I've spotted a few issues:
> > 1) MS_NOSEC handling is broken - we set it after each file_remove_suid() call.
> >    However we needn't have removed suid bit simply because we have
> >    CAP_SYS_FSID and further writes to the file from processes without this
> >    capability still need to clear the suid bit.
> > 2) file_remove_suid() is a misnomer since it also handles removing of
> >    security labels. It is even more confusing because should_remove_suid()
> >    doesn't return whether file_remove_suid() is needed or not.
> > 3) On truncate we do clear suid bits but not security labels. According to
> >    documentation in include/linux/security.h that's a bug but please correct
> >    me if I'm wrong.
> > 4) ocfs2 doesn't clear security labels - hard to fix, I left it alone for now.
> > 5) XFS didn't provide proper exclusion for clearing mode bits.
> > 
> >   This series aims at fixing above issues.
> > 
> >   Since v1 I have removed bogus patch changing inode_set_flags(), I have
> > updated changelog of patch 4/5 to better explain why ->inode_killpriv should
> > be called and I have included a fix for MS_NOSEC handling in this series.
> > Al, can you please merge the patches? Thanks!
> 
> Hi Al + Jan,
> 
> What's happening with this patchset? If it's not going to be pulled
> into the VFS, I'll just pull in a version of the XFS patch that
> corrects the locking at this point...
  I've sent the patches several times but so far they were ignored. Al?

								Honza

-- 
Jan Kara <jack@xxxxxxx>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux