| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Sep 2022 17:26:30 +0200
From: Ondrej Mosnacek <omosnace@...hat.com>
To: Alexander Viro <viro@...iv.linux.org.uk>
Cc: linux-fsdevel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
rcu@...r.kernel.org, linux-kernel@...r.kernel.org,
Martin Pitt <mpitt@...hat.com>
Subject: [PATCH 0/2] fs: fix capable() call in simple_xattr_list()
The goal of these patches is to avoid calling capable() unconditionally
in simple_xattr_list(), which causes issues under SELinux (see
explanation in the second patch).
The first patch tries to make this change safer by converting
simple_xattrs to use the RCU mechanism, so that capable() is not called
while the xattrs->lock is held. I didn't find evidence that this is an
issue in the current code, but it can't hurt to make that change
either way (and it was quite straightforward).
Ondrej Mosnacek (2):
fs: convert simple_xattrs to RCU list
fs: don't call capable() prematurely in simple_xattr_list()
fs/xattr.c | 39 +++++++++++++++++++++++----------------
include/linux/xattr.h | 1 +
2 files changed, 24 insertions(+), 16 deletions(-)
--
2.37.2
Powered by blists - more mailing lists