From: Sascha Hauer <s.hauer@pengutronix.de>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: BAREBOX <barebox@lists.infradead.org>
Subject: Re: [PATCH v2 23/24] security: add filesystem security policies
Date: Tue, 23 Sep 2025 10:08:38 +0200 [thread overview]
Message-ID: <aNJVhoIIhDMYowAl@pengutronix.de> (raw)
In-Reply-To: <fbdf26d4-458b-49f3-8a00-f68840e4c934@pengutronix.de>
On Mon, Sep 22, 2025 at 06:16:34PM +0200, Ahmad Fatoum wrote:
> On 17.09.25 15:53, Sascha Hauer wrote:
> > We don't have any trusted filesystems in barebox and a manipulated
> > filesystem could trick barebox into crashing or loading untrusted data,
> > so add a security policy for the barebox filesystems.
> >
> > With SCONFIG_FS_EXTERNAL set barebox will allow mounting all filesystems
> > whereas with this option disabled only ramfs can be mounted. ramfs is
> > special: It is basically essential for barebox and also has no untrusted
> > data input.
> >
> > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> > ---
> > Sconfig | 1 +
> > fs/Sconfig | 5 +++++
> > fs/fs.c | 4 ++++
> > 3 files changed, 10 insertions(+)
> >
> > diff --git a/Sconfig b/Sconfig
> > index 7d7657e79061f4bf200519cf1fab8810b544f97e..cdb2ceccb1b46b038c0d4fa8dbd203737031dec5 100644
> > --- a/Sconfig
> > +++ b/Sconfig
> > @@ -8,3 +8,4 @@ source "security/Sconfig"
> > source "common/Sconfig"
> > source "drivers/usb/gadget/Sconfig"
> > source "commands/Sconfig"
> > +source "fs/Sconfig"
> > diff --git a/fs/Sconfig b/fs/Sconfig
> > new file mode 100644
> > index 0000000000000000000000000000000000000000..cdb58230f0e79addf8c0f719844af400e0d19939
> > --- /dev/null
> > +++ b/fs/Sconfig
> > @@ -0,0 +1,5 @@
> > +
> > +config FS_EXTERNAL
> > + bool "Allow mounting external file systems"
> > + help
> > + Say y to permit mounting file systems beyond devfs and ramfs.
> > diff --git a/fs/fs.c b/fs/fs.c
> > index 54bd35786857ab0e588277870fd1630d9292e116..5dcdf223756f470f94da15947e3f4e30bc27c1bd 100644
> > --- a/fs/fs.c
> > +++ b/fs/fs.c
> > @@ -35,6 +35,7 @@
> > #include <libfile.h>
> > #include <parseopt.h>
> > #include <linux/namei.h>
> > +#include <security/config.h>
> >
> > char *mkmodestr(unsigned long mode, char *str)
> > {
> > @@ -774,6 +775,9 @@ static int fs_probe(struct device *dev)
> > struct fs_driver *fsdrv = container_of(drv, struct fs_driver, drv);
> > int ret;
> >
> > + if (!IS_ALLOWED(SCONFIG_FS_EXTERNAL) && strcmp(fsdrv->drv.name, "ramfs"))
> > + return -EPERM;
>
> devfs is listed in the Kconfig help text, but missing here.
Fixed
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2025-09-23 8:09 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-17 13:53 [PATCH v2 00/24] Add security policy support Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 01/24] kconfig: allow setting CONFIG_ from the outside Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 02/24] scripts: include scripts/include for all host tools Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 03/24] kbuild: implement loopable loop_cmd Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 04/24] Add security policy support Sascha Hauer
2025-09-22 16:14 ` Ahmad Fatoum
2025-09-23 8:11 ` Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 05/24] kbuild: allow security config use without source tree modification Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 06/24] defaultenv: update PS1 according to security policy Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 07/24] security: policy: support externally provided configs Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 08/24] commands: implement sconfig command Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 09/24] docs: security-policies: add documentation Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 10/24] commands: go: add security config option Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 11/24] console: ratp: " Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 12/24] bootm: support calling bootm_optional_signed_images at any time Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 13/24] bootm: make unsigned image support runtime configurable Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 14/24] ARM: configs: add virt32_secure_defconfig Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 15/24] boards: qemu-virt: add security policies Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 16/24] boards: qemu-virt: allow setting policy from command line Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 17/24] test: py: add basic security policy test Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 18/24] usbserial: add inline wrappers Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 19/24] security: usbgadget: add usbgadget security policy Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 20/24] security: fastboot: add security policy for fastboot oem Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 21/24] security: shell: add policy for executing the shell Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 22/24] security: add security policy for loading barebox environment Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 23/24] security: add filesystem security policies Sascha Hauer
2025-09-22 16:16 ` Ahmad Fatoum
2025-09-23 8:08 ` Sascha Hauer [this message]
2025-09-17 13:53 ` [PATCH v2 24/24] security: console: add security policy for console input Sascha Hauer
2025-09-22 16:18 ` [PATCH v2 00/24] Add security policy support Ahmad Fatoum
2025-09-23 8:08 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aNJVhoIIhDMYowAl@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.