lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Sep 2022 17:26:30 +0200 From: Ondrej Mosnacek <omosnace@...hat.com> To: Alexander Viro <viro@...iv.linux.org.uk> Cc: linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, selinux@...r.kernel.org, rcu@...r.kernel.org, linux-kernel@...r.kernel.org, Martin Pitt <mpitt@...hat.com> Subject: [PATCH 0/2] fs: fix capable() call in simple_xattr_list() The goal of these patches is to avoid calling capable() unconditionally in simple_xattr_list(), which causes issues under SELinux (see explanation in the second patch). The first patch tries to make this change safer by converting simple_xattrs to use the RCU mechanism, so that capable() is not called while the xattrs->lock is held. I didn't find evidence that this is an issue in the current code, but it can't hurt to make that change either way (and it was quite straightforward). Ondrej Mosnacek (2): fs: convert simple_xattrs to RCU list fs: don't call capable() prematurely in simple_xattr_list() fs/xattr.c | 39 +++++++++++++++++++++++---------------- include/linux/xattr.h | 1 + 2 files changed, 24 insertions(+), 16 deletions(-) -- 2.37.2
Powered by blists - more mailing lists