Re: WARNING in ext4_invalidatepage

From: Dmitry Vyukov
Date: Tue Oct 30 2018 - 08:16:36 EST


On Tue, Oct 16, 2018 at 5:53 PM, Theodore Y. Ts'o <tytso@xxxxxxx> wrote:
>> > The patch I referenced in my previous e-mail protects against
>> > additional scenarios where someone might be trying to punch a whole
>> > into a file that is being swapped into the bootloader ioctl. This
>> > particular ioctl isn't yet being used by anyone, so it had some other
>> > issues as well, such as not interacting well with inline_data-enabled
>> > file systems --- not that any bootloader would be small enough that it
>> > would fit in an inline_data inode, but we're basically proofing the
>> > code against a malicious (or buggy) root-privileged program... such as
>> > syzbot. :-)
>>
>> ... or paving the way to opening all of this to non-root users. Why
>> not if not bugs? ;)
>
> The intent behind this particular ioctl is used to install a boot
> loader. It will *never* be opened to non-root users. It doesn't even
> make sense to make it available to pseudo-containers-root users. :-)

But it does not have to be executed on the root fs, right? Or is it?
For example, if I need to build a bootable image (which I actually
need to do for syzkaller). In the end it boils down to just creating a
local, private file with some particular contents. Should be nobody's
business, right? But for some reason on Linux creation of a local file
requires root privileges multiple times along the way. As the result I
have run the whole service as root, degrading overall security. And I
can't say that I fully trust all code and data involved, but Linux
simply does not give me any choice.