| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43032103-99c5-88ae-5aa1-a7906e059a8b@I-love.SAKURA.ne.jp>
Date: Fri, 28 Sep 2018 08:12:41 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Dave Chinner <david@...morbit.com>,
James Morris <jmorris@...ei.org>
Cc: Alan Cox <gnomes@...rguk.ukuu.org.uk>, TongZhang <ztong@...edu>,
darrick.wong@...cle.com, linux-xfs@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org,
Wenbo Shen <shenwenbosmile@...il.com>
Subject: Re: Leaking Path in XFS's ioctl interface(missing LSM check)
On 2018/09/28 7:19, Dave Chinner wrote:> IOWs, the security_file_ioctl() hook is almost completely useless in
> cases like this - you can't isolate the ioctl based on the file
> argument, because it can point to any file or directory in the
> filesystem. And without actually parsing, decoding and instantiating
> the the ioctl arguments, you can't tell the ioctl it can't act on
> specific targets. And because filehandle to dentry resolution
> results in disconnected dentries, the paths are not complete and
> hence path based security checks (e.g. tomoyo) are likely to be
> broken and unfixable...
Though TOMOYO uses pathname as a mandatory parameter, CaitSith
(currently waiting for review) does not.
CaitSith can filter filesystem specific ioctl() using fsmagic
and cmd parameter like:
10 acl ioctl path.fsmagic=0x9FA0
audit 0
10 deny cmd=@...BIDDEN_IOCTLS_ON_PROCFS
20 allow
CaitSith does ioctl() checks. Missing LSM check is a bug.
Powered by blists - more mailing lists