| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ea67453d-e5de-7c3a-e1da-d1e5ac30b2dd@android.com>
Date: Thu, 22 Oct 2020 06:18:02 -0700
From: Mark Salyzyn <salyzyn@...roid.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-kernel@...r.kernel.org, kernel-team@...roid.com,
Miklos Szeredi <miklos@...redi.hu>,
Jonathan Corbet <corbet@....net>,
Vivek Goyal <vgoyal@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
Amir Goldstein <amir73il@...il.com>,
Randy Dunlap <rdunlap@...radead.org>,
Stephen Smalley <sds@...ho.nsa.gov>,
John Stultz <john.stultz@...aro.org>,
linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-unionfs@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org
Subject: Re: [RESEND PATCH v18 0/4] overlayfs override_creds=off & nested get
xattr fix
On 10/21/20 10:19 PM, Eric Biggers wrote:
> On Wed, Oct 21, 2020 at 08:18:59AM -0700, Mark Salyzyn wrote:
>> Mark Salyzyn (3):
>> Add flags option to get xattr method paired to __vfs_getxattr
>> overlayfs: handle XATTR_NOSECURITY flag for get xattr method
>> overlayfs: override_creds=off option bypass creator_cred
>>
>> Mark Salyzyn + John Stultz (1):
>> overlayfs: inode_owner_or_capable called during execv
>>
>> The first three patches address fundamental security issues that should
>> be solved regardless of the override_creds=off feature.
>>
>> The fourth adds the feature depends on these other fixes.
> FYI, I didn't receive patch 4, and neither https://lkml.kernel.org/linux-fsdevel
> nor https://lkml.kernel.org/linux-unionfs have it either.
>
> - Eric
Resent again, thanks.
Powered by blists - more mailing lists