From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Mark Salyzyn <salyzyn@android.com>
Cc: linux-kernel@vger.kernel.org, kernel-team@android.com,
linux-security-module@vger.kernel.org, stable@vger.kernel.org,
Miklos Szeredi <miklos@szeredi.hu>,
linux-unionfs@vger.kernel.org
Subject: Re: [PATCH] ovl: filter of trusted xattr results in audit
Date: Mon, 7 Oct 2019 18:16:16 +0200 [thread overview]
Message-ID: <20191007161616.GA988623@kroah.com> (raw)
In-Reply-To: <20191007160918.29504-1-salyzyn@android.com>
On Mon, Oct 07, 2019 at 09:09:16AM -0700, Mark Salyzyn wrote:
> When filtering xattr list for reading, presence of trusted xattr
> results in a security audit log. However, if there is other content
> no errno will be set, and if there isn't, the errno will be -ENODATA
> and not -EPERM as is usually associated with a lack of capability.
> The check does not block the request to list the xattrs present.
>
> Switch to has_capability_noaudit to reflect a more appropriate check.
>
> Signed-off-by: Mark Salyzyn <salyzyn@android.com>
> Cc: linux-security-module@vger.kernel.org
> Cc: kernel-team@android.com
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: stable@vger.kernel.org # v3.18
> Fixes: upstream a082c6f680da ("ovl: filter trusted xattr for non-admin")
> Fixes: 3.18 4bcc9b4b3a0a ("ovl: filter trusted xattr for non-admin")
> ---
> Replaced ns_capable_noaudit with 3.18.y tree specific
> has_capability_noaudit present in original submission to kernel.org
> commit 5c2e9f346b815841f9bed6029ebcb06415caf640
> ("ovl: filter of trusted xattr results in audit")
>
> fs/overlayfs/inode.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
> index a01ec1836a72..1175efa5e956 100644
> --- a/fs/overlayfs/inode.c
> +++ b/fs/overlayfs/inode.c
> @@ -265,7 +265,8 @@ static bool ovl_can_list(const char *s)
> return true;
>
> /* Never list trusted.overlay, list other trusted for superuser only */
> - return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
> + return !ovl_is_private_xattr(s) &&
> + has_capability_noaudit(current, CAP_SYS_ADMIN);
> }
>
> ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
> --
> 2.23.0.581.g78d2f28ef7-goog
>
Thanks for the backport, this one worked!
greg k-h
next prev parent reply other threads:[~2019-10-07 16:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-07 16:09 [PATCH] ovl: filter of trusted xattr results in audit Mark Salyzyn
2019-10-07 16:16 ` Greg Kroah-Hartman [this message]
2019-10-07 16:17 ` Greg Kroah-Hartman
2019-10-07 16:40 ` Greg Kroah-Hartman
2019-10-07 16:43 ` Mark Salyzyn
2019-10-07 16:42 ` Mark Salyzyn
2019-10-07 16:48 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191007161616.GA988623@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=salyzyn@android.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.