| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKtyLkEJKLgO1GvpTNmW=DnRhrsiPXGgz9=F7oJXVQPLSocSeA@mail.gmail.com>
Date: Sun, 20 Jul 2025 00:32:50 -0700
From: Fan Wu <wufan@...nel.org>
To: Abhinav Saxena <xandfury@...il.com>
Cc: Mickaël Salaün <mic@...ikod.net>,
Günther Noack <gnoack@...gle.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, Shuah Khan <shuah@...nel.org>,
Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH RFC 2/4] landlock: implement memfd detection
On Sat, Jul 19, 2025 at 4:13 AM Abhinav Saxena <xandfury@...il.com> wrote:
>
> Add is_memfd_file() function to reliably detect memfd files by checking
> for "memfd:" prefix in dentry names on shmem-backed files. This
> distinguishes true memfd files from regular shmem files.
>
> Move domain_is_scoped() to domain.c for reuse across subsystems.
> Add comprehensive kunit tests for memfd detection edge cases.
>
> Signed-off-by: Abhinav Saxena <xandfury@...il.com>
> ---
> security/landlock/domain.c | 67 +++++++++++++++
> security/landlock/domain.h | 4 +
> security/landlock/fs.c | 210 +++++++++++++++++++++++++++++++++++++++++++++
> security/landlock/task.c | 67 ---------------
> 4 files changed, 281 insertions(+), 67 deletions(-)
...
>
> +/**
> + * is_memfd_file - Check if file was created via memfd_create()
> + * @file: File to check
> + *
> + * Returns true if @file was created via memfd_create(), false otherwise.
> + *
> + * memfd files are shmem-backed files with "memfd:" prefix in their dentry name.
> + * This is the definitive way to distinguish memfd files from regular shmem
> + * files.
> + */
> +static bool is_memfd_file(struct file *file)
> +{
> + const struct dentry *dentry;
> + const unsigned char *name;
> + size_t name_len;
> +
> + /* Fast path: basic validation */
> + if (unlikely(!file))
> + return false;
> +
> + /* Must be shmem-backed first - this is the cheapest definitive check */
> + if (!shmem_file(file))
> + return false;
> +
> +#ifdef CONFIG_MEMFD_CREATE
> +
> + /* Validate dentry and get name info */
> + dentry = file->f_path.dentry;
> + if (unlikely(!dentry))
> + return false;
> +
> + name_len = dentry->d_name.len;
> + name = dentry->d_name.name;
> +
> + /* memfd files always have "memfd:" prefix (6 characters) */
> + if (name_len < 6 || unlikely(!name))
> + return false;
> +
> + /* Check for exact "memfd:" prefix */
> + return memcmp(name, "memfd:", 6) == 0;
> +#else
> + return false;
> +#endif
I was trying to do something similar early this year but didn't hear
feedback from the linux-mm folks.
https://lore.kernel.org/linux-security-module/20250129203932.22165-1-wufan@kernel.org/
I have considered this approach but didn't use it. My concern is,
potentially a malicious user can create a file in a shmem fs, e.g.
tmpfs , with the "memfd:" prefix, which can be used to bypass security
policy.
(Resending this message due to a misconfiguration with my email
client. Apologies for any inconvenience.)
-Fan
Powered by blists - more mailing lists