Open Source and information security mailing list archives
Message-ID: <YTDwCFbO9Jl6a7vP@redhat.com>
Date:   Thu, 2 Sep 2021 11:38:48 -0400
From:   Vivek Goyal <vgoyal@...hat.com>
To:     linux-api@...r.kernel.org, mtk.manpages@...il.com
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        virtio-fs@...hat.com, dwalsh@...hat.com, dgilbert@...hat.com,
        christian.brauner@...ntu.com, casey.schaufler@...el.com,
        linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
        tytso@....edu, miklos@...redi.hu, gscrivan@...hat.com,
        bfields@...hat.com, stephen.smalley.work@...il.com,
        agruenba@...hat.com, david@...morbit.com, viro@...iv.linux.org.uk
Subject: [PATCH 2/1] man-pages: xattr.7: Update text for user extended xattr behavior change

I have proposed a patch to relax restrictions on user extended xattrs and
allow the file owner (or CAP_FOWNER) to get/set user extended xattrs on symlink
and device files.

Signed-off-by: Vivek Goyal <vgoyal@...hat.com>
---
 man7/xattr.7 |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Index: man-pages/man7/xattr.7
===================================================================
--- man-pages.orig/man7/xattr.7	2021-09-01 13:46:16.165016463 -0400
+++ man-pages/man7/xattr.7	2021-09-01 16:31:51.038016463 -0400
@@ -129,8 +129,13 @@ a way not controllable by disk quotas fo
 special files and directories.
 .PP
 For this reason,
-user extended attributes are allowed only for regular files and directories,
-and access to user extended attributes is restricted to the
+user extended attributes are allowed only for regular files and directories
+till kernel 5.14. In newer kernel (5.15 onwards), restrictions have been
+relaxed a bit and user extended attributes are also allowed on symlinks
+and special files as long as caller is either owner of the file or is
+privileged (CAP_FOWNER).
+
+Access to user extended attributes is restricted to the
 owner and to users with appropriate capabilities for directories with the
 sticky bit set (see the
 .BR chmod (1)
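Review bot: The added paragraph break (the lone "+" blank line between "privileged (CAP_FOWNER)." and "Access to user extended attributes") should be a ".PP" macro, matching the ".PP" already used two lines above in this hunk's context; man-pages avoids bare blank lines in roff source. The new wording also needs grammar and style fixes to match the rest of xattr.7: "till kernel 5.14" should read "before Linux 5.15" (man-pages refers to releases as "Linux x.y", not "kernel x.y"), "In newer kernel (5.15 onwards)" should be "Since Linux 5.15", and "as long as caller is either owner of the file or is privileged" should be "as long as the caller is either the owner of the file or is privileged". Finally, man-pages source starts each new sentence on a new line, so "till kernel 5.14. In newer kernel" should be split after the period, with the "Since Linux 5.15," sentence beginning its own line.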
