From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 25 Mar 2004 - 10:45:44 GMT
On Wed, Mar 24, 2004 at 06:22:09PM +0200, Alex Lyashkov wrote:
> Hi Herbert
>
> I downloaded your experimental code from
> http://vserver.13thfloor.at/Experimental/ns01
> and saw that you added 2 bugs in the namespace switch code.
Hi Alex!
thanks for looking at the code!
> Your function
> ===============
> int vc_enter_namespace(uint32_t id, void *data)
> {
>         struct vx_info *vxi;
>         struct namespace *old_ns;
>
>         if (!vx_check(0, VX_ADMIN))
>                 return -ENOSYS;
>
>         vxi = find_vx_info(id);
>         if (!vxi)
>                 return -ESRCH;
>
>         if (!vxi->vx_namespace)
>                 goto out_put;
>
>         old_ns = current->namespace;
>         get_namespace(vxi->vx_namespace);
>         current->namespace = vxi->vx_namespace;
>         put_namespace(old_ns);
>
> out_put:
>         put_vx_info(vxi);
>         return 0;
> }
> =============
recent patches (like 0.09.25) use the following code,
which at least has one bug you mention:
        ...
        old_ns = current->namespace;
        old_fs = current->fs;
        get_namespace(vxi->vx_namespace);
        current->namespace = vxi->vx_namespace;
        current->fs = copy_fs_struct(vxi->vx_fs);
        put_namespace(old_ns);
        put_fs_struct(old_fs);
        ...
> well...
> First bug: you _must_ lock the task before the namespace switch.
> See include/linux/namespace.h as an example of namespace switch code.
sounds reasonable, thanks!
> static inline void exit_namespace(struct task_struct *p)
> {
>         struct namespace *namespace = p->namespace;
>         if (namespace) {
>                 task_lock(p);
>                 p->namespace = NULL;
>                 task_unlock(p);
>                 put_namespace(namespace);
>         }
> }
>
> ===
> Second bug: you must adjust 'root' && 'altroot' && pwd and the task->fs
> struct. If you do not do it, it creates a security hole.
> For how to do it, see
> namespace.c:chroot_fs_refs and open.c:sys_chroot.
do you think the approach above isn't sufficient,
regarding root and altroot, what security hole
do you see?
> I think these references will help you fix the code.
thank you,
Herbert
> --
> Alex Lyashkov <shadow_at_psoft.net>
> PSoft
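A userspace model of the locking and reference-counting order the thread settles on (take the new reference, swap the pointer under task_lock(), put the old namespace only after unlocking), added here as an example; it is neither Alex's nor Herbert's code, and the struct layouts, alloc_namespace(), switch_namespace() and demo() are assumed stand-ins for the kernel's types.

```c
/* Userspace model; types and helpers are assumed stand-ins for the kernel's. */
#include <stdatomic.h>
#include <stdlib.h>

struct namespace { atomic_int count; };                 /* refcount, as in the kernel */
struct task_struct { atomic_flag alloc_lock; struct namespace *namespace; };

static struct namespace *alloc_namespace(void) {
    struct namespace *ns = calloc(1, sizeof *ns);
    atomic_init(&ns->count, 1);                         /* creator holds one reference */
    return ns;
}
static void get_namespace(struct namespace *ns) { atomic_fetch_add(&ns->count, 1); }
static void put_namespace(struct namespace *ns) {      /* the last put frees it */
    if (atomic_fetch_sub(&ns->count, 1) == 1) free(ns);
}
static void task_lock(struct task_struct *p) {         /* stands in for the task spinlock */
    while (atomic_flag_test_and_set(&p->alloc_lock)) { }
}
static void task_unlock(struct task_struct *p) { atomic_flag_clear(&p->alloc_lock); }

/* Same order as exit_namespace(): take the new reference, swap the pointer
 * under task_lock(), and drop the old reference only after unlocking. */
static void switch_namespace(struct task_struct *p, struct namespace *target) {
    get_namespace(target);
    task_lock(p);
    struct namespace *old_ns = p->namespace;
    p->namespace = target;
    task_unlock(p);
    if (old_ns) put_namespace(old_ns);
}

static void exit_namespace(struct task_struct *p) {    /* as quoted above */
    struct namespace *ns = p->namespace;
    if (!ns) return;
    task_lock(p);
    p->namespace = NULL;
    task_unlock(p);
    put_namespace(ns);
}

/* Move a task from its private namespace into a shared one, then have it
 * leave again; returns 1 if every reference count balances on the way. */
static int demo(void) {
    struct task_struct t = { ATOMIC_FLAG_INIT, alloc_namespace() };
    struct namespace *shared = alloc_namespace();
    switch_namespace(&t, shared);                       /* private ns freed; shared == 2 */
    int after_switch = atomic_load(&shared->count);
    exit_namespace(&t);                                 /* task drops its reference */
    int after_exit = atomic_load(&shared->count);       /* back to 1 */
    put_namespace(shared);                              /* creator's reference; freed */
    return after_switch == 2 && after_exit == 1;
}
```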
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver