Message-ID: <20250312212148.274205-2-ryan.lee@canonical.com>
Date: Wed, 12 Mar 2025 14:21:41 -0700
From: Ryan Lee <ryan.lee@...onical.com>
To: linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	apparmor@...ts.ubuntu.com,
	linux-security-module@...r.kernel.org,
	selinux@...r.kernel.org
Cc: Ryan Lee <ryan.lee@...onical.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Christian Brauner <brauner@...nel.org>,
	Jan Kara <jack@...e.cz>,
	John Johansen <john.johansen@...onical.com>,
	Paul Moore <paul@...l-moore.com>,
	James Morris <jmorris@...ei.org>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Mickaël Salaün <mic@...ikod.net>,
	Günther Noack <gnoack@...gle.com>,
	Stephen Smalley <stephen.smalley.work@...il.com>,
	Ondrej Mosnacek <omosnace@...hat.com>,
	Casey Schaufler <casey@...aufler-ca.com>,
	Kentaro Takeda <takedakn@...data.co.jp>,
	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Subject: [RFC PATCH 1/6] fs: invoke LSM file_open hook in do_dentry_open for O_PATH fds as well

Currently, opening O_PATH file descriptors completely bypasses the LSM
infrastructure. Invoking the LSM file_open hook for O_PATH fds will
be necessary for e.g. mediating the fsmount() syscall.

Signed-off-by: Ryan Lee <ryan.lee@...onical.com>
---
 fs/open.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/open.c b/fs/open.c
index 30bfcddd505d..0f8542bf6cd4 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -921,8 +921,13 @@ static int do_dentry_open(struct file *f,
 	if (unlikely(f->f_flags & O_PATH)) {
 		f->f_mode = FMODE_PATH | FMODE_OPENED;
 		file_set_fsnotify_mode(f, FMODE_NONOTIFY);
 		f->f_op = &empty_fops;
-		return 0;
+		/*
+		 * do_o_path in fs/namei.c unconditionally invokes path_put
+		 * after this function returns, so don't path_put the path
+		 * upon LSM rejection of O_PATH opening
+		 */
+		return security_file_open(f);
 	}
 
 	if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
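
Review bot: On the O_PATH branch, the new "return security_file_open(f);" can fail after "f->f_mode = FMODE_PATH | FMODE_OPENED" and "f->f_op = &empty_fops" have already been assigned, so a rejected open returns an error with FMODE_OPENED still set on the file. Consider storing the hook result in a local variable and setting FMODE_OPENED only when it is 0, or extend the comment to say why leaving the flag set on failure is safe for the caller's cleanup. The comment justifies skipping path_put by naming only do_o_path in fs/namei.c; it should state which reference that path_put drops and whether any other caller can reach this branch, since the argument depends on every caller behaving the same way. The commit message would also benefit from noting that existing file_open hook implementations will now be called with files whose f_mode is FMODE_PATH, which they have not had to handle before.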
-- 
2.43.0

base-kernel: v6.14-rc6
