| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201022051914.GI857@sol.localdomain>
Date: Wed, 21 Oct 2020 22:19:14 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Mark Salyzyn <salyzyn@...roid.com>
Cc: linux-kernel@...r.kernel.org, kernel-team@...roid.com,
Miklos Szeredi <miklos@...redi.hu>,
Jonathan Corbet <corbet@....net>,
Vivek Goyal <vgoyal@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
Amir Goldstein <amir73il@...il.com>,
Randy Dunlap <rdunlap@...radead.org>,
Stephen Smalley <sds@...ho.nsa.gov>,
John Stultz <john.stultz@...aro.org>,
linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-unionfs@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [RESEND PATCH v18 0/4] overlayfs override_creds=off & nested get
xattr fix
On Wed, Oct 21, 2020 at 08:18:59AM -0700, Mark Salyzyn wrote:
> Mark Salyzyn (3):
> Add flags option to get xattr method paired to __vfs_getxattr
> overlayfs: handle XATTR_NOSECURITY flag for get xattr method
> overlayfs: override_creds=off option bypass creator_cred
>
> Mark Salyzyn + John Stultz (1):
> overlayfs: inode_owner_or_capable called during execv
>
> The first three patches address fundamental security issues that should
> be solved regardless of the override_creds=off feature.
>
> The fourth adds the feature depends on these other fixes.
FYI, I didn't receive patch 4, and neither https://lkml.kernel.org/linux-fsdevel
nor https://lkml.kernel.org/linux-unionfs have it either.
- Eric
Powered by blists - more mailing lists