| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <056d8f1a-b45f-379f-d81a-8c13a1536c3f@digikod.net>
Date: Tue, 3 Nov 2020 17:03:45 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Jann Horn <jannh@...gle.com>
Cc: James Morris <jmorris@...ei.org>,
"Serge E . Hallyn" <serge@...lyn.com>,
Al Viro <viro@...iv.linux.org.uk>,
Andy Lutomirski <luto@...capital.net>,
Anton Ivanov <anton.ivanov@...bridgegreys.com>,
Arnd Bergmann <arnd@...db.de>,
Casey Schaufler <casey@...aufler-ca.com>,
Jeff Dike <jdike@...toit.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Michael Kerrisk <mtk.manpages@...il.com>,
Richard Weinberger <richard@....at>,
Shuah Khan <shuah@...nel.org>,
Vincent Dagonneau <vincent.dagonneau@....gouv.fr>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
Linux API <linux-api@...r.kernel.org>,
linux-arch <linux-arch@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
kernel list <linux-kernel@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
the arch/x86 maintainers <x86@...nel.org>,
Mickaël Salaün <mic@...ux.microsoft.com>
Subject: Re: [PATCH v22 07/12] landlock: Support filesystem access-control
On 29/10/2020 02:06, Jann Horn wrote:
> (On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün <mic@...ikod.net> wrote:
>> diff --git a/security/landlock/fs.c b/security/landlock/fs.c
> [...]
>> +static inline u32 get_file_access(const struct file *const file)
>> +{
>> + u32 access = 0;
>> +
>> + if (file->f_mode & FMODE_READ) {
>> + /* A directory can only be opened in read mode. */
>> + if (S_ISDIR(file_inode(file)->i_mode))
>> + return LANDLOCK_ACCESS_FS_READ_DIR;
>> + access = LANDLOCK_ACCESS_FS_READ_FILE;
>> + }
>> + /*
>> + * A LANDLOCK_ACCESS_FS_APPEND could be added but we also need to check
>> + * fcntl(2).
>> + */
>
> Once https://lore.kernel.org/linux-api/20200831153207.GO3265@brightrain.aerifal.cx/
> lands, pwritev2() with RWF_NOAPPEND will also be problematic for
> classifying "write" vs "append"; you may want to include that in the
> comment. (Or delete the comment.)
Contrary to fcntl(2), pwritev2(2) doesn't seems to modify the file
description. Otherwise, other LSMs would need to be patched.
I'll remove this comment anyway.
>
>> + if (file->f_mode & FMODE_WRITE)
>> + access |= LANDLOCK_ACCESS_FS_WRITE_FILE;
>> + /* __FMODE_EXEC is indeed part of f_flags, not f_mode. */
>> + if (file->f_flags & __FMODE_EXEC)
>> + access |= LANDLOCK_ACCESS_FS_EXECUTE;
>> + return access;
>> +}
> [...]
>
Powered by blists - more mailing lists