On Wed, Mar 24, 2004 at 06:22:09PM +0200, Alex Lyashkov wrote:
> Hi Herbert
> 
> I downloaded your experimental code from
> http://vserver.13thfloor.at/Experimental/ns01
> and see you added 2 bugs in the namespace switch code.

Hi Alex!

thanks for looking at the code!

> Your function
> ===============
> int vc_enter_namespace(uint32_t id, void *data)
> {
>         struct vx_info *vxi;
>         struct namespace *old_ns;
> 
>         if (!vx_check(0, VX_ADMIN))
>                 return -ENOSYS;
> 
>         vxi = find_vx_info(id);
>         if (!vxi)
>                 return -ESRCH;
> 
>         if (!vxi->vx_namespace)
>                 goto out_put;
> 
>         old_ns = current->namespace;
>         get_namespace(vxi->vx_namespace);
>         current->namespace = vxi->vx_namespace;
>         put_namespace(old_ns);
> 
> out_put:
>         put_vx_info(vxi);
>         return 0;
> }
> =============

recent patches (like 0.09.25) use the following code,
which at least has one bug you mention:

 ...
        old_ns = current->namespace;
        old_fs = current->fs;
        get_namespace(vxi->vx_namespace);
        current->namespace = vxi->vx_namespace;
        current->fs = copy_fs_struct(vxi->vx_fs);
        put_namespace(old_ns);
        put_fs_struct(old_fs);
 ...


> well...
> First bug: you _must_ lock the task before the namespace switch.
> See include/linux/namespace.h for example namespace switch code.

sounds reasonable, thanks!

> static inline void exit_namespace(struct task_struct *p)
> {
>         struct namespace *namespace = p->namespace;
>         if (namespace) {
>                 task_lock(p);
>                 p->namespace = NULL;
>                 task_unlock(p);
>                 put_namespace(namespace);
>         }
> }
> 
> ===
> Second bug: you must adjust 'root' && 'altroot' && pwd and the task->fs
> struct. If you do not do it, it creates a security hole.
> For how to do it, see
> namespace.c:chroot_fs_refs and open.c:sys_chroot.

do you think the approach above isn't sufficient,
regarding root and altroot, what security hole
do you see?

> I think these references will help you fix the code.

thank you,
Herbert

> -- 
> Alex Lyashkov <[EMAIL PROTECTED]>
> PSoft
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
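
A userspace C model of the two points raised in this thread (swap the pointers under the task lock, and replace the fs struct together with the namespace), as an added example that is not code from the vserver patch or the kernel. The types and the `enter_namespace`, `copy_fs`, `put_ns` and `put_fs` helpers are simplified, hypothetical stand-ins, and a C11 spinlock stands in for `task_lock()`.

```c
/* Added example: userspace model, NOT kernel code. All types are stand-ins. */
#include <stdatomic.h>
#include <stdlib.h>

struct ns { atomic_int count; };                         /* models struct namespace */
struct fs { atomic_int count; int root, pwd, altroot; }; /* models struct fs_struct */
struct task { atomic_flag lock; struct ns *ns; struct fs *fs; };

static void task_lock(struct task *t)   { while (atomic_flag_test_and_set(&t->lock)) ; }
static void task_unlock(struct task *t) { atomic_flag_clear(&t->lock); }

/* Drop one reference; free the object when the last reference goes away. */
static void put_ns(struct ns *n) { if (n && atomic_fetch_sub(&n->count, 1) == 1) free(n); }
static void put_fs(struct fs *f) { if (f && atomic_fetch_sub(&f->count, 1) == 1) free(f); }

/* Private copy of the context's fs, so root, pwd and altroot all
 * come from the namespace being entered. */
static struct fs *copy_fs(const struct fs *src)
{
    struct fs *f = malloc(sizeof(*f));
    if (!f)
        return NULL;
    atomic_init(&f->count, 1);
    f->root = src->root;
    f->pwd = src->pwd;
    f->altroot = src->altroot;
    return f;
}

/* Returns 0 on success, -1 if the fs copy fails (task is left untouched). */
int enter_namespace(struct task *t, struct ns *new_ns, const struct fs *ctx_fs)
{
    struct ns *old_ns;
    struct fs *old_fs, *new_fs = copy_fs(ctx_fs);  /* allocate before locking */
    if (!new_fs)
        return -1;
    atomic_fetch_add(&new_ns->count, 1);           /* reference held by the task */

    task_lock(t);                                  /* both pointers change together */
    old_ns = t->ns;  t->ns = new_ns;
    old_fs = t->fs;  t->fs = new_fs;
    task_unlock(t);

    put_ns(old_ns);                                /* release old refs outside the lock */
    put_fs(old_fs);
    return 0;
}
```

The old references are dropped only after the lock is released, matching the order in the quoted `exit_namespace()`.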
