Re: [RFC][PATCH] locks: Allow disabling mandatory locking at compile time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 11, 2015 at 05:22:33PM -0600, Eric W. Biederman wrote:
> Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx> writes:
> 
> > On Wed, 11 Nov 2015 15:26:07 -0500
> > "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote:
> >
> >> On Wed, Nov 11, 2015 at 11:49:20AM -0600, Eric W. Biederman wrote:
> >> > 
> >> > Mandatory locking appears to be almost unused and buggy and there
> >> > appears no real interest in doing anything with it.  Since effectively
> >> > no one uses the code and since the code is buggy let's allow it to be
> >> > disabled at compile time.  I would just suggest removing the code but
> >> > undoubtedly that will break some piece of userspace code somewhere.
> >> > 
> >> > For the distributions that don't care about this piece of code
> >> > this gives a nice starting point to make mandatory locking go away.
> >> > 
> >> > Cc: Benjamin Coddington <bcodding@xxxxxxxxxx>
> >> > Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> >> > Cc: Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx>
> >> > Cc: J. Bruce Fields <bfields@xxxxxxxxxxxx>
> >> > Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> >> > ---
> >> > 
> >> > A piece of userspace software having problematic interactions with
> >> > mandatory locking recently came up as an issue
> >> 
> >> Is there any more interesting story there?
> 
> Only that I overlooked them when implementing user namespace support for
> mounting filesystems so it is currently possible to without privilege to
> mount tmpfs with mandatory locking enabled and pass a file descriptor to
> a daemon that was not expecting them.  Causing nice denial of service
> attacks.
> 
> So I need to decide what to do with mandatory locking in user
> namespaces.
> 
> As the consensus of this thread is that users of mandatory locking are
> as rare as hen's teeth I can just not allow mandatory locking if you
> something is being mounted just user namespace permissions.

Sounds like a plan.  If nobody notices this limitation then that's
further evidence that we might be able to get away with deprecating it
eventually.

(Well, I wouldn't be surprised if there's some test suite somewhere that
includes a simple test for mandatory lock enforcement.  So, any user
other than that....)

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux