[linux-cifs-client] [PATCH] Remove information leak in Linux
CIFS client
simo
idra at samba.org
Sat Jan 19 08:18:42 GMT 2008
On Sat, 2008-01-19 at 05:55 +0100, Andi Kleen wrote:
> Fix information leak in CIFS client lookup
>
> Putting arbitary file names on lookup failures into the system log is not
> a good idea, because usually everybody can read dmesg and that is thus
> an information leak if a directory was read protected.
>
> Also changed the error printout for this case to a signed number, because
> it is normally negative and that makes it easier to read.
>
> I'm not sure the message is all that useful anyways. Perhaps it
> should be just removed completely? Or at least rate limited because
> it allows to spam the kernel log nicely.
>
> Signed-off-by: Andi Kleen <ak at suse.de>
>
> Index: linux/fs/cifs/dir.c
> ===================================================================
> --- linux.orig/fs/cifs/dir.c
> +++ linux/fs/cifs/dir.c
> @@ -518,7 +518,7 @@ cifs_lookup(struct inode *parent_dir_ino
> /* if it was once a directory (but how can we tell?) we could do
> shrink_dcache_parent(direntry); */
> } else {
> - cERROR(1, ("Error 0x%x on cifs_get_inode_info in lookup of %s",
> + cERROR(1, ("Error %d on cifs_get_inode_info in lookup of file",
> rc, full_path));
then please remove also full_path here ^^^^
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the linux-cifs-client
mailing list