Date: Tue, 17 Nov 2015 11:45:00 -0600
From: "Serge E. Hallyn"
To: Seth Forshee
Cc: Al Viro, "Eric W. Biederman", linux-bcache@vger.kernel.org,
    dm-devel@redhat.com, linux-raid@vger.kernel.org,
    linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
    linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
    Serge Hallyn, Andy Lutomirski, linux-kernel@vger.kernel.org,
    "Theodore Ts'o"
Subject: Re: [PATCH v3 0/7] User namespace mount updates
Message-ID: <20151117174459.GA11998@mail.hallyn.com>
References: <1447778351-118699-1-git-send-email-seth.forshee@canonical.com>
    <20151117170556.GV22011@ZenIV.linux.org.uk>
    <20151117172551.GA108807@ubuntu-hedt>
In-Reply-To: <20151117172551.GA108807@ubuntu-hedt>

On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
> On Tue, Nov 17, 2015 at 05:05:56PM +0000, Al Viro wrote:
> > On Tue, Nov 17, 2015 at 10:39:03AM -0600, Seth Forshee wrote:
> > > Hi Eric,
> > >
> > > Here's another update to my patches for user namespace mounts, based on
> > > your for-testing branch. These patches add safeguards necessary to allow
> > > unprivileged mounts and update SELinux and Smack to safely handle
> > > device-backed mounts from unprivileged users.
> > >
> > > The v2 posting received very little in the way of feedback, so changes
> > > are minimal. I've made a trivial style change to the Smack changes at
> > > Casey's request, and I've added Stephen's ack for the SELinux changes.
> >
> > Would you mind explaining which filesystem types do you plan to allow?
> > SELinux and the rest of Linux S&M bunch do fuck-all for attacks via
> > handcrafted fs image fed to the code in fs driver that does not expect
> > a given kind of inconsistencies.
> >
> > As it is, validation of on-disk metadata is not particularly strong;
> > what's more, protection against concurrent malicious *changes* of
> > fs image (via direct writes by root) is simply inexistent.
> >
> > So what is that about?
>
> The first target is fuse, which won't be vulnerable to those attacks.
>
> Shortly after that I plan to follow with support for ext4. I've been
> fuzzing ext4 for a while now and it has held up well, and I'm currently
> working on hand-crafted attacks. Ted has commented privately (to others,
> not to me personally) that he will fix bugs for such attacks, though I
> haven't seen any public comments to that effect.

Hi,

Not privately, but during the 2014 kernel summit. The only documentation
of it I've seen is at the bottom of Paul's summary at
http://lwn.net/Articles/609376/ .