[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=whDAUMSPhDhMUeHNKGd-ZX8ixNeEz7FLfQasAGvi_knDg@mail.gmail.com>
Date: Wed, 24 Jan 2024 10:27:03 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>, Kentaro Takeda <takedakn@...data.co.jp>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
John Johansen <john.johansen@...onical.com>, Paul Moore <paul@...l-moore.com>
Cc: Kevin Locke <kevin@...inlocke.name>, Josh Triplett <josh@...htriplett.org>,
Mateusz Guzik <mjguzik@...il.com>, Al Viro <viro@...iv.linux.org.uk>, linux-mm@...ck.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper
On Wed, 24 Jan 2024 at 09:27, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> IOW, I think the goal here should be "minimal fix" followed by "remove
> that horrendous thing".
Ugh. The tomoyo use is even *more* disgusting, in how it uses it for
"tomoyo_domain()" entirely independently of even the ->file_open()
callback.
So for tomoyo, it's not about the file open, it's about
tomoyo_cred_prepare() and friends.
So the patch I posted probably fixes apparmor, but only breaks tomoyo
instead, because tomoyo really does seem to use it around the whole
security_bprm_creds_for_exec() thing.
Now, tomoyo *also* uses it for the file_open() callback, just to confuse things.
IOW, I think the right thing to do is to split this in two:
- leave the existing ->in_execve for the bprm_creds dance in
boprm_execve(). Horrendous and disgusing.
- the ->file_open() thing is changed to check file->f_flags
(with a comment about how FMODE_EXEC is in f_flags, not f_mode like it
should be).
IOW, I think the patch I posted earlier - and Kees' version of the
same thing - is just broken. This attached patch might work.
And as noted, since it checks __FMODE_EXEC, it now allows the uselib()
case too. I think that's ok.
UNTESTED. But I think this is at least a movement in the right
direction. The whole cred use of current->in_execve in tomoyo should
*also* be fixed, but I didn't even try to follow what it actually
wanted.
Linus
View attachment "patch.diff" of type "text/x-patch" (1366 bytes)
Powered by blists - more mailing lists