Subject: Re: [PATCH] ksys_mount: check for permissions before resource allocation
From: Ilya Matveychikov
Date: Wed, 6 Jun 2018 13:32:12 +0400
To: "Eric W. Biederman"
Cc: linux-kernel@vger.kernel.org, Alexander Viro, linux-fsdevel@vger.kernel.org
In-Reply-To: <87o9gpatxs.fsf@xmission.com>
References: <87o9gpatxs.fsf@xmission.com>
Message-Id: <64021AF2-81EE-439C-91D4-9A33AB0D08F7@gmail.com>

> On Jun 5, 2018, at 11:56 PM, Eric W. Biederman wrote:
>
> Ilya Matveychikov writes:
>
>> Just CC’ed to some of maintainers.
>>
>> $ perl scripts/get_maintainer.pl fs/0001-ksys_mount-check-for-permissions-before-resource-all.patch
>> Alexander Viro (maintainer:FILESYSTEMS (VFS and infrastructure))
>> linux-fsdevel@vger.kernel.org (open list:FILESYSTEMS (VFS and infrastructure))
>> linux-kernel@vger.kernel.org (open list)
>>
>>> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov wrote:
>>>
>>> Early check for mount permissions prevents possible allocation of 3
>>> pages from kmalloc() pool by unprivileged user which can be used for
>>> spraying the kernel heap.
>
> *Snort*
>
> You clearly have not read may_mount. Your modified code still
> lets unprivileged users in. So even if all of Al's good objections
> were not applicable this change would still be buggy and wrong.
>
> Nacked-by: "Eric W. Biederman"

Don’t get me wrong but may_mount() is:

static inline bool may_mount(void)
{
	return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
}

What do you mean by "You clearly have not read may_mount"? The only thing that
can affect may_mount result (as mentioned earlier) is that task’s NS capability
might be changed by security_sb_mount() hook.

So, do you think that it’s possible to NOT have CAP_SYS_ADMIN while entering to
ksys_mount() but getting it with the security_sb_mount() hook?
This is the only case I see that using may_mount() before security_sb_mount()
is wrong. This was the point?
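
Added illustration, not part of the original message and not kernel code: a reduced user-space model of the ns_capable() check that may_mount() performs, showing that the result is evaluated against the user namespace owning the caller's mount namespace rather than against the initial one. The struct layouts, unshare_user_and_mnt() and the uid 1000 task are assumptions made for the model; the walk in ns_capable() follows the kernel's cap_capable().

```c
#include <stdbool.h>
#include <stdio.h>

#define CAP_SYS_ADMIN 21
/* Simplified user-space model of the kernel objects involved; not kernel code. */
struct user_ns { struct user_ns *parent; unsigned owner; int level; };
struct mnt_ns  { struct user_ns *user_ns; };
struct task {
    struct user_ns *user_ns;               /* cred->user_ns */
    unsigned euid; unsigned long long cap_effective;
    struct mnt_ns *mnt_ns;                 /* nsproxy->mnt_ns */
};
static struct user_ns init_user_ns = { NULL, 0, 0 };
static struct mnt_ns  init_mnt_ns  = { &init_user_ns };

/* Same walk as the kernel's cap_capable(), reduced to the fields above. */
static bool ns_capable(const struct task *t, const struct user_ns *ns, int cap) {
    for (;;) {
        if (ns == t->user_ns)
            return (t->cap_effective >> cap) & 1;
        if (ns->level <= t->user_ns->level)
            return false;
        if (ns->parent == t->user_ns && ns->owner == t->euid)
            return true;   /* creator of a child namespace holds all caps in it */
        ns = ns->parent;
    }
}

static bool may_mount(const struct task *t) {
    return ns_capable(t, t->mnt_ns->user_ns, CAP_SYS_ADMIN);
}

/* Models unshare(CLONE_NEWUSER | CLONE_NEWNS); the caller supplies storage. */
static void unshare_user_and_mnt(struct task *t, struct user_ns *u, struct mnt_ns *m) {
    *u = (struct user_ns){ t->user_ns, t->euid, t->user_ns->level + 1 };
    m->user_ns = u;
    t->user_ns = u;
    t->mnt_ns = m;
    t->cap_effective = ~0ULL;              /* full set, valid only inside u */
}

int main(void) {
    struct task t = { &init_user_ns, 1000, 0, &init_mnt_ns };  /* constructed: uid 1000, no caps */
    struct user_ns u; struct mnt_ns m;
    int before = may_mount(&t);
    unshare_user_and_mnt(&t, &u, &m);
    printf("may_mount: before=%d after=%d\n", before, may_mount(&t));
    return 0;
}
```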