Re: [PATCH v3 0/7] User namespace mount updates

From: Serge E. Hallyn
Date: Tue Nov 17 2015 - 12:45:36 EST

Next message: Joe Perches: "Re: [BUG] checkpatch: false positive for commits with quote characters"
Previous message: Brian Norris: "Re: [PATCH 1/7] phy: brcmstb-sata: add missing of_node_put"
In reply to: Seth Forshee: "Re: [PATCH v3 0/7] User namespace mount updates"
Next in thread: Al Viro: "Re: [PATCH v3 0/7] User namespace mount updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
> On Tue, Nov 17, 2015 at 05:05:56PM +0000, Al Viro wrote:
> > On Tue, Nov 17, 2015 at 10:39:03AM -0600, Seth Forshee wrote:
> > > Hi Eric,
> > >
> > > Here's another update to my patches for user namespace mounts, based on
> > > your for-testing branch. These patches add safeguards necessary to allow
> > > unprivileged mounts and update SELinux and Smack to safely handle
> > > device-backed mounts from unprivileged users.
> > >
> > > The v2 posting received very little in the way of feedback, so changes
> > > are minimal. I've made a trivial style change to the Smack changes at
> > > Casey's request, and I've added Stephen's ack for the SELinux changes.
> >
> > Would you mind explaining which filesystem types do you plan to allow?
> > SELinux and the rest of Linux S&M bunch do fuck-all for attacks via
> > handcrafted fs image fed to the code in fs driver that does not expect
> > a given kind of inconsistencies.
> >
> > As it is, validation of on-disk metadata is not particularly strong;
> > what's more, protection against concurrent malicious *changes* of
> > fs image (via direct writes by root) is simply inexistent.
> >
> > So what is that about?
>
> The first target is fuse, which won't be vulnerable to those attacks.
>
> Shortly after that I plan to follow with support for ext4. I've been
> fuzzing ext4 for a while now and it has held up well, and I'm currently
> working on hand-crafted attacks. Ted has commented privately (to others,
> not to me personally) that he will fix bugs for such attacks, though I
> haven't seen any public comments to that effect.

Hi,

Not privately, but during the 2014 kernel summit. The only documentation
of it I've seen is at the bottom of Paul's summary at
http://lwn.net/Articles/609376/ .
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe Perches: "Re: [BUG] checkpatch: false positive for commits with quote characters"
Previous message: Brian Norris: "Re: [PATCH 1/7] phy: brcmstb-sata: add missing of_node_put"
In reply to: Seth Forshee: "Re: [PATCH v3 0/7] User namespace mount updates"
Next in thread: Al Viro: "Re: [PATCH v3 0/7] User namespace mount updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]