Date:   Mon, 12 Dec 2022 09:37:29 -0600
From:   Seth Forshee <sforshee@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] xattr audit fix for v6.2

Hi Linus,

/* Summary */
This is a single patch to remove auditing of the
capability check in simple_xattr_list(). This check is done to check
whether trusted xattrs should be included by listxattr(2). SELinux will
normally log a denial when capable() is called and the task's SELinux
context doesn't have the corresponding capability permission allowed,
which can end up spamming the log. Since a failed check here cannot be
used to infer malicious intent, auditing is of no real value, and it
makes sense to stop auditing the capability check.

/* Testing */
The patch is based off of 6.1-rc4 and has been sitting in linux-next. No
build failures or warnings were observed and fstests, selftests, and LTP
show no regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next. A test merge with current mainline also showed no conflicts.

The following changes since commit f0c4d9fc9cc9462659728d168387191387e903cc:

  Linux 6.1-rc4 (2022-11-06 15:07:11 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.xattr.simple.noaudit.v6.2

for you to fetch changes up to e7eda157c4071cd1e69f4b1687b0fbe1ae5e6f46:

  fs: don't audit the capability check in simple_xattr_list() (2022-11-07 16:55:45 +0100)

Please consider pulling these changes from the signed
fs.xattr.simple.noaudit.v6.2.

Thanks!
Seth

----------------------------------------------------------------
fs.xattr.simple.noaudit.v6.2

----------------------------------------------------------------
Ondrej Mosnacek (1):
      fs: don't audit the capability check in simple_xattr_list()

 fs/xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
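
An added example, not part of the original message or the kernel tree: on a kernel without this fix, the script below pairs SELinux AVC records with their SYSCALL records by audit event ID and separates sys_admin capability denials raised during a listxattr-family call (the log noise the summary describes) from those raised in other syscalls. The name classify(), the x86_64 syscall numbers and the constructed sample records are assumptions of the example.

```python
import re
from collections import defaultdict

# Assumption: x86_64 host, so arch=c000003e and these syscall numbers apply.
X86_64_ARCH = "c000003e"
LISTXATTR_SYSCALLS = {194: "listxattr", 195: "llistxattr", 196: "flistxattr"}
CAP_SYS_ADMIN = 21  # capability number reported in the AVC record

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records for illustration, not taken from a real system.
SAMPLE_LOG = """\
type=AVC msg=audit(1670859449.101:901): avc:  denied  { sys_admin } for  pid=811 comm="ls" capability=21  scontext=system_u:system_r:demo_t:s0 tcontext=system_u:system_r:demo_t:s0 tclass=capability permissive=0
type=SYSCALL msg=audit(1670859449.101:901): arch=c000003e syscall=194 success=yes exit=0 pid=811 comm="ls"
type=AVC msg=audit(1670859450.300:902): avc:  denied  { sys_admin } for  pid=812 comm="mount" capability=21  scontext=system_u:system_r:demo_t:s0 tcontext=system_u:system_r:demo_t:s0 tclass=capability permissive=0
type=SYSCALL msg=audit(1670859450.300:902): arch=c000003e syscall=165 success=no exit=-1 pid=812 comm="mount"
type=AVC msg=audit(1670859451.007:903): avc:  denied  { sys_admin } for  pid=813 comm="rsync" capability=21  scontext=system_u:system_r:demo_t:s0 tcontext=system_u:system_r:demo_t:s0 tclass=capability permissive=0
type=SYSCALL msg=audit(1670859451.007:903): arch=c000003e syscall=195 success=yes exit=0 pid=813 comm="rsync"
"""

def classify(log_text):
    """Return (noise, review): sys_admin denials seen during a listxattr-family
    syscall, and sys_admin denials seen during any other syscall."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if m:
            fields = dict(FIELD.findall(line))
            fields["denied"] = " denied " in line
            # Records of one event share the same timestamp:serial ID.
            events[m.group(1)][fields.get("type")] = fields
    noise, review = [], []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not (avc and avc["denied"] and avc.get("tclass") == "capability"
                and avc.get("capability") == str(CAP_SYS_ADMIN)):
            continue
        is_list = (sc.get("arch") == X86_64_ARCH
                   and int(sc.get("syscall", -1)) in LISTXATTR_SYSCALLS)
        entry = (event_id, avc.get("comm", "").strip('"'))
        (noise if is_list else review).append(entry)
    return noise, review

if __name__ == "__main__":
    noise, review = classify(SAMPLE_LOG)
    print("listxattr noise:", noise)
    print("needs review:  ", review)
```

A denial with no matching SYSCALL record falls into the review list, so missing syscall auditing never hides an event.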
