linux-kernel March 2009 archive
Main Archive Page > Month Archives  > linux-kernel archives
linux-kernel: Re: [PATCH] CRED: Fix check_unsafe_exec()

Re: [PATCH] CRED: Fix check_unsafe_exec()

From: David Howells <dhowells_at_nospam>
Date: Thu Mar 12 2009 - 13:23:41 GMT
To: Hugh Dickins <hugh@veritas.com>


Hugh Dickins <hugh@veritas.com> wrote:

> We do. See the original thread. It's here at
> http://lkml.org/lkml/2009/2/26/233
> and appended below for convenience. We do know that patch did not
> fix Joe's problem, and we don't yet know whether addressing the
> files->count issue will actually fix it, but I'm hopeful.

Looks reasonable. One thing that should be added, though, is a comment in struct fs_struct to give a warning about the consequences of incrementing the usage count for anything other than CLONE_FS.

David --- From: David Howells <dhowells@redhat.com> Subject: [PATCH] Annotate struct fs_struct's usage count to indicate the restrictions upon it Annotate struct fs_struct's usage count to indicate the restrictions upon it. It may not be incremented, except by clone(CLONE_FS), as this affects the check in check_unsafe_exec() in fs/exec.c. Signed-off-by: David Howells <dhowells@redhat.com> --- include/linux/fs_struct.h | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h index a97c053..b12ede4 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -4,7 +4,11 @@ #include <linux/path.h> struct fs_struct { - atomic_t count; + atomic_t count; /* This usage count is used by check_unsafe_exec() for + * security checking purposes - therefore it may not be + * incremented, except by clone(CLONE_FS). + */ + rwlock_t lock; int umask; struct path root, pwd; -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html