Re: [PATCH v6] fs: clear file privilege bits when mmap writing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jan 10, 2016 at 10:51:52PM +0300, Konstantin Khlebnikov wrote:
> On Sun, Jan 10, 2016 at 10:30 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
> > On Sun, Jan 10, 2016 at 06:48:32PM +0300, Konstantin Khlebnikov wrote:
> >> I think this should be done in mmap/mprotect. Code in sys_mmap is trivial.
> >>
> >> In sys_mprotect you can check file_needs_remove_privs() and VM_SHARED
> >> under mmap_sem, then if needed grab reference to struct file from vma and
> >> clear suid after unlocking mmap_sem.
> >
> > Which vma?  mprotect(2) can cover more than one mapping...  You'd have to
> > play interesting games to collect the set of affected struct file; it
> > _might_ be doable (e.g. by using task_work_add() to have the damn thing
> > trigger on the way to userland), but it would require some care to avoid
> > hitting the same file more than once - it might, after all, be mmapped
> > in more than one process, so racing mprotect() would need to be taken
> > into account.  Hell knows - might be doable, but I'm not sure it'll be
> > any prettier.
> 
> Ok, I didn't thought about that. mprotect don't have to be atomic for whole
> range -- we could drop mmap_sem, clear suid from one file and restart it
> for next vma and so on.

Won't be fun.  Even aside of the user-visible behaviour changes, you'll have
a lot of new corner cases, starting with the fact that you can't hold onto
vma - virtual address is the best you can do and vma you find after regaining
mmap_sem might start at lower address than one where you are restarting;
getting the splitting-related logics right will be interesting, to put it
mildly.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]