All of lore.kernel.org
 help / color / mirror / Atom feed
From: Theodore Ts'o <tytso@mit.edu>
To: Seth Forshee <seth.forshee@canonical.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Serge Hallyn <serge.hallyn@canonical.com>,
	Richard Weinberger <richard.weinberger@gmail.com>,
	Austin S Hemmelgarn <ahferroin7@gmail.com>,
	Miklos Szeredi <miklos@szeredi.hu>,
	linux-bcache@vger.kernel.org, dm-devel@redhat.com,
	linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
	fuse-devel@lists.sourceforge.net,
	linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
Date: Fri, 4 Dec 2015 18:11:52 -0500	[thread overview]
Message-ID: <20151204231152.GE18359@thunk.org> (raw)
In-Reply-To: <20151204204532.GG147214@ubuntu-hedt>

On Fri, Dec 04, 2015 at 02:45:32PM -0600, Seth Forshee wrote:
> On Fri, Dec 04, 2015 at 02:07:36PM -0600, Serge E. Hallyn wrote:
> > Heh, I was looking over http://www.gossamer-threads.com/lists/linux/kernel/103611
> > a little while ago :)  The same question was asked 16 years ago.  Apparently
> > the answer then was that it was easier than fixing the code.
> 
> So it seems then that either it still isn't safe and so unprivileged
> users shouldn't be allowed to do it at all, or else it's safe and we
> should drop the requirement completely. I can't say which is right,
> unfortunately.

It may not have been safe 16 years agoo, but giving invalid arguments
to FIBMAP is safe for ext4 and ext2.  This is the sort of thing that
tools like trinity should and does test for, so I think it should be
fine to remove the root check for FIBMAP.

							- Ted

  reply	other threads:[~2015-12-04 23:11 UTC|newest]

Thread overview: 66+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-02 15:40 [PATCH 00/19] Support fuse mounts in user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Seth Forshee
2015-12-02 15:40   ` Seth Forshee
2015-12-04 16:28   ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 03/19] fs: Treat foreign mounts as nosuid Seth Forshee
2015-12-02 15:40   ` Seth Forshee
2015-12-04 16:55   ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 05/19] userns: Replace in_userns with current_in_userns Seth Forshee
2015-12-04 17:01   ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2015-12-02 15:40   ` Seth Forshee
2015-12-04 16:49   ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
2015-12-04 19:02   ` Serge E. Hallyn
     [not found] ` <1449070821-73820-1-git-send-email-seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
2015-12-02 15:40   ` [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-12-02 15:40     ` Seth Forshee
     [not found]     ` <1449070821-73820-2-git-send-email-seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
2015-12-04 16:26       ` Serge E. Hallyn
2015-12-04 16:26         ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-02 15:40   ` [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 16:42     ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 17:27     ` Serge E. Hallyn
2015-12-04 17:46       ` Seth Forshee
2015-12-04 19:42         ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 18:50     ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 19:00     ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 19:02     ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 19:11     ` Serge E. Hallyn
2015-12-04 20:05       ` Theodore Ts'o
2015-12-04 20:07         ` Serge E. Hallyn
     [not found]           ` <20151204200736.GJ3624-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-12-04 20:45             ` Seth Forshee
2015-12-04 20:45               ` Seth Forshee
2015-12-04 23:11               ` Theodore Ts'o [this message]
2015-12-04 23:43                 ` Serge E. Hallyn
2015-12-05  6:15                   ` Seth Forshee
2015-12-05  0:00                 ` Andreas Dilger
2015-12-02 15:40   ` [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 15:38     ` Seth Forshee
2015-12-04 20:03     ` Serge E. Hallyn
2015-12-04 20:41       ` Seth Forshee
2015-12-04 21:57         ` Serge E. Hallyn
2015-12-02 15:40   ` [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2015-12-02 15:40     ` Seth Forshee
2015-12-04 20:05     ` Serge E. Hallyn
2015-12-04 20:43       ` Seth Forshee
2015-12-04 21:57         ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
2015-12-04 19:42   ` Serge E. Hallyn
2015-12-04 20:36     ` Seth Forshee
2015-12-04 22:05       ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 16/19] fuse: Add support for pid namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 19/19] fuse: Allow user namespace mounts Seth Forshee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151204231152.GE18359@thunk.org \
    --to=tytso@mit.edu \
    --cc=ahferroin7@gmail.com \
    --cc=dm-devel@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=fuse-devel@lists.sourceforge.net \
    --cc=linux-bcache@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=richard.weinberger@gmail.com \
    --cc=selinux@tycho.nsa.gov \
    --cc=serge.hallyn@canonical.com \
    --cc=serge@hallyn.com \
    --cc=seth.forshee@canonical.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.