| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhSnP=j_T30ctVmzQ8TwhD6YFcrWhLbqa_oG3WSAPUPOaA@mail.gmail.com> Date: Fri, 21 Feb 2025 19:33:59 -0500 From: Paul Moore <paul@...l-moore.com> To: Andrey Albershteyn <aalbersh@...hat.com>, Mickaël Salaün <mic@...ikod.net> Cc: Richard Henderson <richard.henderson@...aro.org>, Matt Turner <mattst88@...il.com>, Russell King <linux@...linux.org.uk>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Geert Uytterhoeven <geert@...ux-m68k.org>, Michal Simek <monstr@...str.eu>, Thomas Bogendoerfer <tsbogend@...ha.franken.de>, "James E.J. Bottomley" <James.Bottomley@...senpartnership.com>, Helge Deller <deller@....de>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Christophe Leroy <christophe.leroy@...roup.eu>, Naveen N Rao <naveen@...nel.org>, Heiko Carstens <hca@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com>, Alexander Gordeev <agordeev@...ux.ibm.com>, Christian Borntraeger <borntraeger@...ux.ibm.com>, Sven Schnelle <svens@...ux.ibm.com>, Yoshinori Sato <ysato@...rs.sourceforge.jp>, Rich Felker <dalias@...c.org>, John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>, "David S. Miller" <davem@...emloft.net>, Andreas Larsson <andreas@...sler.com>, Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Chris Zankel <chris@...kel.net>, Max Filippov <jcmvbkbc@...il.com>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Günther Noack <gnoack@...gle.com>, Arnd Bergmann <arnd@...db.de>, linux-alpha@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org, linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org, linux-sh@...r.kernel.org, sparclinux@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-api@...r.kernel.org, linux-arch@...r.kernel.org, linux-xfs@...r.kernel.org Subject: Re: [PATCH v3] fs: introduce getfsxattrat and setfsxattrat syscalls On Fri, Feb 21, 2025 at 10:08 AM Mickaël Salaün <mic@...ikod.net> wrote: > > It looks security checks are missing. With IOCTL commands, file > permissions are checked at open time, but with these syscalls the path > is only resolved but no specific access seems to be checked (except > inode_owner_or_capable via vfs_fileattr_set). Thanks for reviewing the patch and catching this Mickaël. I agree with the hooks identified and their placement; it should be fairly straightforward with only a few lines added in each case. -- paul-moore.com
Powered by blists - more mailing lists