From: Casey Schaufler <casey@schaufler-ca.com>
To: "Al Viro" <viro@zeniv.linux.org.uk>,
"Christian Göttsche" <cgzones@googlemail.com>
Cc: selinux@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
LSM List <linux-security-module@vger.kernel.org>
Subject: Re: [RFC PATCH 1/2] fs/xattr: add *at family syscalls
Date: Thu, 1 Sep 2022 09:45:51 -0700 [thread overview]
Message-ID: <d955d8b5-ca2e-c040-9415-772fa5a71bc7@schaufler-ca.com> (raw)
In-Reply-To: <Yw/eEufm/QpKg5Pq@ZenIV>
On 8/31/2022 3:17 PM, Al Viro wrote:
> [linux-arch Cc'd for ABI-related stuff]
The LSM list <linux-security-module@vger.kernel.org> should be on
this thread as SELinux isn't the only security module that uses xattrs
extensively.
>
> On Tue, Aug 30, 2022 at 05:28:39PM +0200, Christian Göttsche wrote:
>> Add the four syscalls setxattrat(), getxattrat(), listxattrat() and
>> removexattrat() to enable extended attribute operations via file
>> descriptors. This can be used from userspace to avoid race conditions,
>> especially on security related extended attributes, like SELinux labels
>> ("security.selinux") via setfiles(8).
>>
>> Use the do_{name}at() pattern from fs/open.c.
>> Use a single flag parameter for extended attribute flags (currently
>> XATTR_CREATE and XATTR_REPLACE) and *at() flags to not exceed six
>> syscall arguments in setxattrat().
> I've no problems with the patchset aside of the flags part;
> however, note that XATTR_CREATE and XATTR_REPLACE are actually exposed
> to the network - the values are passed to nfsd by clients.
> See nfsd4_decode_setxattr() and
> BUILD_BUG_ON(XATTR_CREATE != SETXATTR4_CREATE);
> BUILD_BUG_ON(XATTR_REPLACE != SETXATTR4_REPLACE);
> in encode_setxattr() on the client side.
>
> Makes me really nervous about constraints like that. Sure,
> AT_... flags you are using are in the second octet and these are in
> the lowest one, but...
prev parent reply other threads:[~2022-09-01 16:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-30 15:28 [RFC PATCH 2/2] fs/xattr: wire up syscalls Christian Göttsche
2022-08-30 15:56 ` Christian Brauner
2022-08-31 19:54 ` Richard Guy Briggs
[not found] ` <20220830152858.14866-2-cgzones@googlemail.com>
2022-08-31 22:17 ` [RFC PATCH 1/2] fs/xattr: add *at family syscalls Al Viro
2022-09-01 8:20 ` Amir Goldstein
2022-09-01 16:45 ` Casey Schaufler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d955d8b5-ca2e-c040-9415-772fa5a71bc7@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=cgzones@googlemail.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox