Re: [patch 00/13] vfs: add helpers to check r/o bind mounts

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Erez Zadok <ezk@...>

Cc: Miklos Szeredi <miklos@...>, <akpm@...>, <torvalds@...>, <dave@...>, <mhalcrow@...>, <linux-fsdevel@...>, <linux-kernel@...>

Subject: Re: [patch 00/13] vfs: add helpers to check r/o bind mounts

Date: Thursday, April 24, 2008 - 2:13 pm

On Thu, Apr 24, 2008 at 01:29:49PM -0400, Erez Zadok wrote:
quoted text> In message <20080424142857.GF15214@ZenIV.linux.org.uk>, Al Viro writes:
> > On Thu, Apr 24, 2008 at 04:09:18PM +0200, Miklos Szeredi wrote:
> [...]
> > FWIW, I'm not all that happy about the way ecryptfs_interpose() is done,
> > while we are at it.  We get the sucker opened by whoever steps on given
> > place in the tree first, with subsequent operations done using the resulting
> > struct file.  With fallback to r/o open.  What happens to somebody who
> > tries to open it with enough permissions to do r/w?
> 
> Yes, ecryptfs_interpose() calls ecryptfs_init_persistent_file() which calls
> dentry_open(O_RDWR).  What's the proposed solution for this in the face of
> r/o vfsmounts?  How could ecryptfs avoid calling this dentry_open in the
> first place?

Doesn't have anything to do with vfsmounts (you have one to deal with and
if it's r/o, it's equivalent to just doing the entire thing on top of r/o
fs; not interesting).

No, what I'm worried about is much simpler.  Look: we have a file on
underlying fs, owned by root.root with 644 for permissions.  Comes a
luser and tries to open the counterpart of that file in ecryptfs; that
triggers ecryptfs_interpose() and attempts to open file.  Of course,
that's going to fail - it's not world-writable.  So then it (actually
ecryptfs_init_persistent_file()) falls back to opening with O_RDONLY.
Which succeeds just fine and file (opened r/o) is set as ->lower_file.

Now comes root and tries to open the damn thing r/w.  It should be able
to and if it came first it'd get it; as it is, what it gets is ->lower_file
and that puppy is opened read-only and you have no guarantee that underlying
fs will not go bonkers seeing write attempts on it (e.g. open for write
doing a bit more setup of ->private_data, etc.).

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 7:39 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Dave Hansen, (Thu May 1, 1:40 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu May 1, 4:08 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Dave Hansen, (Thu May 1, 12:40 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu May 1, 1:04 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 12:52 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 12:58 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 1:14 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 1:23 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 8:42 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 1:04 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 9:05 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 9:48 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 1:25 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 1:30 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 3:56 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 10:09 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 10:28 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 1:29 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 2:13 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, J. Bruce Fields, (Mon Apr 28, 5:53 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 3:40 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Michael Halcrow, (Thu Apr 24, 4:16 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts , Erez Zadok, (Thu Apr 24, 6:39 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Michael Halcrow, (Thu Apr 24, 7:33 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 10:36 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 10:44 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 10:53 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 11:12 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 11:18 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 11:38 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 11:43 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 10:00 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 10:16 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 10:35 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 10:42 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 10:48 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 10:58 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 11:21 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 11:37 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Dave Hansen, (Thu Apr 24, 1:55 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 2:47 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Al Viro, (Thu Apr 24, 11:59 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Fri Apr 25, 3:22 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Thu Apr 24, 12:16 pm)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Mon Apr 28, 6:15 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Michael Halcrow, (Mon Apr 28, 10:20 am)

Re: [patch 00/13] vfs: add helpers to check r/o bind mounts, Miklos Szeredi, (Mon Apr 28, 10:52 am)

Navigation

Popular discussions


linux-kernel:
Zach Brown	[PATCH 3 of 4] Teach paths to wake a specific void * target instead of a whole tas...
Linus Torvalds	Re: LSM conversion to static interface
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Andrew Morton	-mm merge plans for 2.6.23
git:

linux-netdev:
Gregory Haskins	[RFC PATCH 00/17] virtual-bus
David Miller	[GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
openbsd-misc:

Colocation donated by:

Online users

Syndicate