From: Al Viro <viro@zeniv.linux.org.uk>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: linux-fsdevel@vger.kernel.org,
syzbot <syzbot+0341f6a4d729d4e0acf1@syzkaller.appspotmail.com>,
jmorris@namei.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, serge@hallyn.com,
syzkaller-bugs@googlegroups.com, takedakn@nttdata.co.jp,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH] tomoyo: Don't check open/getattr permission on sockets.
Date: Tue, 18 Jun 2019 21:49:33 +0100 [thread overview]
Message-ID: <20190618204933.GE17978@ZenIV.linux.org.uk> (raw)
In-Reply-To: <a4ed1778-8b73-49d1-0ff0-59d9c6ac0af8@I-love.SAKURA.ne.jp>
On Sun, Jun 16, 2019 at 03:49:00PM +0900, Tetsuo Handa wrote:
> Hello, Al.
>
> Q1: Do you agree that we should fix TOMOYO side rather than SOCKET_I()->sk
> management.
You do realize that sockets are not unique in that respect, right?
All kinds of interesting stuff can be accessed via /proc/*/fd/*, and
it _can_ be closed under you. So I'd suggest checking how your code
copes with similar for pipes, FIFOs, epoll, etc., accessed that way...
We are _not_ going to be checking that in fs/open.c - the stuff found
via /proc/*/fd/* can have the associated file closed by the time
we get to calling ->open() and we won't know that until said call.
> Q2: Do you see any problem with using f->f_path.dentry->d_inode ?
> Do we need to use d_backing_inode() or d_inode() ?
Huh? What's wrong with file_inode(f), in the first place? And
just when can that be NULL, while we are at it?
> > static int tomoyo_inode_getattr(const struct path *path)
> > {
> > + /* It is not safe to call tomoyo_get_socket_name(). */
> > + if (path->dentry->d_inode && S_ISSOCK(path->dentry->d_inode->i_mode))
> > + return 0;
Can that be called for a negative?
next prev parent reply other threads:[~2019-06-18 20:49 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0000000000004f43fa058a97f4d3@google.com>
2019-06-06 2:08 ` KASAN: use-after-free Read in tomoyo_realpath_from_path Tetsuo Handa
2019-06-06 5:20 ` Tetsuo Handa
2019-06-09 6:41 ` [PATCH] tomoyo: Don't check open/getattr permission on sockets Tetsuo Handa
2019-06-16 6:49 ` Tetsuo Handa
2019-06-18 20:49 ` Al Viro [this message]
2019-06-22 4:45 ` [PATCH v2] " Tetsuo Handa
2019-08-22 6:30 ` Eric Biggers
2019-08-22 6:55 ` Tetsuo Handa
2019-08-22 7:01 ` Eric Biggers
2019-08-22 7:42 ` Tetsuo Handa
2019-08-22 15:47 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190618204933.GE17978@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=serge@hallyn.com \
--cc=syzbot+0341f6a4d729d4e0acf1@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=takedakn@nttdata.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).