unofficial mirror of libc-alpha@sourceware.org
From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org>
To: DJ Delorie via Libc-alpha <libc-alpha@sourceware.org>
Subject: Re: nsswitch: do not reload if "/" changes
Date: Sat, 16 Jan 2021 11:52:38 +0100
Message-ID: <87pn25nog9.fsf@oldenburg.str.redhat.com>
In-Reply-To: <xnsg71wvbz.fsf@greed.delorie.com> (DJ Delorie via Libc-alpha's message of "Fri, 15 Jan 2021 19:59:12 -0500")

* DJ Delorie via Libc-alpha:

> diff --git a/nss/nss_database.c b/nss/nss_database.c
> index e719ec0865..580ea7b963 100644
> --- a/nss/nss_database.c
> +++ b/nss/nss_database.c
> @@ -33,6 +33,11 @@ struct nss_database_state
>  {
>    struct nss_database_data data;
>    __libc_lock_define (, lock);
> +  /* If "/" changes, we switched into a container and do NOT want to
> +     reload anything.  This data must be persistent across
> +     reloads.  */
> +  ino64_t root_ino;
> +  ino64_t root_dev;
>  };
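
Review bot: root_dev, the second added field, is declared ino64_t although its name says it holds a device number; a device type such as dev_t would describe what is stored and would not depend on the two types happening to have the same width. The comment could also state what the fields contain before "/" has been examined for the first time.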

dev_t for root_dev?

> @@ -53,6 +58,8 @@ global_state_allocate (void *closure)
>        memset (result->data.services, 0, sizeof (result->data.services));
>        result->data.initialized = true;
>        result->data.reload_disabled = false;
> +      result->root_ino = 0;
> +      result->root_dev = 0;
>        __libc_lock_init (result->lock);
>      }
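
Review bot: the two added assignments set both root_ino and root_dev to 0, which turns 0 into an implicit "not recorded yet" marker that nothing in this hunk documents. A one-line comment here, or a separate flag, would make clear how later code tells an unset value from a recorded one; the assignments could also move after __libc_lock_init so that initialization follows the struct's declaration order.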

Perhaps you can match the declaration order in the initialization?

> diff --git a/nss/nss_database.h b/nss/nss_database.h
> index 1f827e6def..f94c629174 100644
> --- a/nss/nss_database.h
> +++ b/nss/nss_database.h
> @@ -75,6 +75,10 @@ struct nss_database_data
>    nss_action_list services[NSS_DATABASE_COUNT];
>    int reload_disabled;          /* Actually bool; int for atomic access.  */
>    bool initialized;
> +  /* If "/" changes, we switched into a container and do NOT want to
> +     reload anything.  */
> +  ino64_t root_ino;
> +  ino64_t root_dev;
>  };
>  
>  /* Called by fork in the parent process, before forking.  */
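
Review bot: root_ino and root_dev are added here to struct nss_database_data in addition to struct nss_database_state in nss_database.c, and this copy's comment drops the "must be persistent across reloads" requirement. Two copies of the same state can drift apart, so unless some code reads the fields through nss_database_data, keep only the pair in nss_database_state.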

This does not seem to be needed?

Rest looks good.

I have one remaining question: Should we load service modules after /
has changed?  Disabling reloading brings us back to the old behavior in
terms of exposure to untrusted /, but maybe we can do even better and
stop loading service modules altogether?  Assuming that this change is
compatible with init systems.

Thanks,
Florian
-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
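
The check discussed in this message, remembering the device and inode of "/" and comparing them later, as an added example that is not part of the original message or of glibc. The names root_identity, root_differs and root_check are hypothetical, and the sketch uses an explicit valid flag rather than 0 as the "unset" marker.

```c
/* Added example, not glibc code.  All identifiers are hypothetical.  */
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

struct root_identity
{
  bool valid;   /* Explicit flag instead of treating 0 as "unset".  */
  dev_t dev;    /* Device number, matching the type of st_dev.  */
  ino_t ino;    /* Inode number, matching the type of st_ino.  */
};

/* Pure comparison: true if ST names a different directory than the one
   recorded in ID.  An unrecorded identity never counts as changed.  */
static bool
root_differs (const struct root_identity *id, const struct stat *st)
{
  return id->valid && (id->dev != st->st_dev || id->ino != st->st_ino);
}

/* Record the identity of PATH on first use; afterwards report whether it
   changed.  Returns 1 if changed, 0 if unchanged or just recorded, and
   -1 if stat fails (the caller then decides whether to skip reloading).  */
static int
root_check (struct root_identity *id, const char *path)
{
  struct stat st;
  if (stat (path, &st) != 0)
    return -1;
  if (!id->valid)
    {
      id->dev = st.st_dev;
      id->ino = st.st_ino;
      id->valid = true;
      return 0;
    }
  return root_differs (id, &st) ? 1 : 0;
}

int
main (void)
{
  struct root_identity id = { 0 };
  root_check (&id, "/");                /* First call records "/".  */
  int r = root_check (&id, "/");        /* Later call compares.  */
  printf ("reload allowed: %s\n", r == 0 ? "yes" : "no");
  return 0;
}
```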

