| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Mar 2010 09:09:41 -0500 From: Christoph Hellwig <hch@...radead.org> To: James Morris <jmorris@...ei.org> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, David Woodhouse <dwmw2@...radead.org>, Joel Becker <joel.becker@...cle.com>, Mark Fasheh <mfasheh@...e.com>, Alex Elder <aelder@....com>, Chris Mason <chris.mason@...cle.com>, a.gruenbacher@...puter.org Subject: Re: [RFC][PATCH 0/2] Correct behavior for listxattr and 'trusted' xattrs On Tue, Mar 02, 2010 at 07:01:05PM +1100, James Morris wrote: > I noticed that there are differences in the behavior of listxattr(2) for > xattrs in the trusted namespace. > > Some filesystems, such as ext[234], require CAP_SYS_ADMIN for this, i.e. > trusted xattr names are hidden from unprivileged users. > > I audited the kernel for users of the trusted xattr namespace, and found > the following filesystems not checking for CAP_SYS_ADMIN: > > - jffs2 > - ocfs2 > - btrfs > - xfs > > I've created patches for jffs2 (tested) and ocfs2 (not tested) to add the > check -- see following emails. btrfs and xfs have custom listxattr > operations and will need a bit more work to fix. I think the behaviour of the above filesystems is correct. There is no requirement for privilegues to see the existence of these attributes. We also don't hide entries that aren't readable from readdir output. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists