From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org>
To: DJ Delorie via Libc-alpha <libc-alpha@sourceware.org>
Subject: Re: nsswitch: do not reload if "/" changes
Date: Sat, 16 Jan 2021 11:52:38 +0100 [thread overview]
Message-ID: <87pn25nog9.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <xnsg71wvbz.fsf@greed.delorie.com> (DJ Delorie via Libc-alpha's message of "Fri, 15 Jan 2021 19:59:12 -0500")
* DJ Delorie via Libc-alpha:
> diff --git a/nss/nss_database.c b/nss/nss_database.c
> index e719ec0865..580ea7b963 100644
> --- a/nss/nss_database.c
> +++ b/nss/nss_database.c
> @@ -33,6 +33,11 @@ struct nss_database_state
> {
> struct nss_database_data data;
> __libc_lock_define (, lock);
> + /* If "/" changes, we switched into a container and do NOT want to
> + reload anything. This data must be persistent across
> + reloads. */
> + ino64_t root_ino;
> + ino64_t root_dev;
> };
dev_t for root_dev?
> @@ -53,6 +58,8 @@ global_state_allocate (void *closure)
> memset (result->data.services, 0, sizeof (result->data.services));
> result->data.initialized = true;
> result->data.reload_disabled = false;
> + result->root_ino = 0;
> + result->root_dev = 0;
> __libc_lock_init (result->lock);
> }
Perhaps you can match the declaration order in the initialization?
> diff --git a/nss/nss_database.h b/nss/nss_database.h
> index 1f827e6def..f94c629174 100644
> --- a/nss/nss_database.h
> +++ b/nss/nss_database.h
> @@ -75,6 +75,10 @@ struct nss_database_data
> nss_action_list services[NSS_DATABASE_COUNT];
> int reload_disabled; /* Actually bool; int for atomic access. */
> bool initialized;
> + /* If "/" changes, we switched into a container and do NOT want to
> + reload anything. */
> + ino64_t root_ino;
> + ino64_t root_dev;
> };
>
> /* Called by fork in the parent process, before forking. */
This does not seem to be needed?
Rest looks good.
I have one remaining question: Should we load service modules after /
has changed? Disabling reloading brings us back to the old behavior in
terms of exposure to untrusted /, but maybe we can do even better and
stop loading service modules altogether? Assuming that this change is
compatible with init systems.
Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
next prev parent reply other threads:[~2021-01-16 10:52 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-16 0:59 nsswitch: do not reload if "/" changes DJ Delorie via Libc-alpha
2021-01-16 10:52 ` Florian Weimer via Libc-alpha [this message]
2021-01-18 1:13 ` DJ Delorie via Libc-alpha
2021-01-18 10:47 ` Florian Weimer via Libc-alpha
2021-01-18 18:20 ` DJ Delorie via Libc-alpha
2021-01-19 16:37 ` Florian Weimer via Libc-alpha
2021-01-22 19:10 ` [v2] " DJ Delorie via Libc-alpha
2021-01-26 9:58 ` Florian Weimer via Libc-alpha
2021-01-26 16:19 ` DJ Delorie via Libc-alpha
2021-01-26 16:30 ` Florian Weimer via Libc-alpha
2021-01-26 16:47 ` DJ Delorie via Libc-alpha
2021-01-27 17:28 ` Carlos O'Donell via Libc-alpha
2021-01-27 18:44 ` DJ Delorie via Libc-alpha
2021-01-28 0:31 ` Joseph Myers
2021-01-28 0:34 ` DJ Delorie via Libc-alpha
2021-01-28 0:39 ` Joseph Myers
2021-01-28 1:15 ` DJ Delorie via Libc-alpha
2021-01-18 12:42 ` Andreas Schwab
2021-01-18 12:53 ` Florian Weimer via Libc-alpha
2021-01-18 18:27 ` DJ Delorie via Libc-alpha
2021-01-18 15:59 ` Carlos O'Donell via Libc-alpha
2021-01-18 16:53 ` Florian Weimer via Libc-alpha
2021-01-19 14:30 ` Carlos O'Donell via Libc-alpha
2021-01-19 14:40 ` Florian Weimer via Libc-alpha
2021-01-18 18:35 ` DJ Delorie via Libc-alpha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pn25nog9.fsf@oldenburg.str.redhat.com \
--to=libc-alpha@sourceware.org \
--cc=fweimer@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).