From: Steve Grubb
To: Richard Guy Briggs, Paul Moore
Cc: Jens Axboe, Christian Brauner, LKML, Pavel Begunkov, Linux-Audit Mailing List, Stefan Roesch, Eric Paris, io-uring@vger.kernel.org
Subject: Re: [PATCH v1 2/2] io_uring,audit: do not log IORING_OP_*GETXATTR
Date: Sat, 28 Jan 2023 12:26:31 -0500
Message-ID: <13202484.uLZWGnKmhe@x2>
Organization: Red Hat
List-Id: Linux Audit Discussion

On Friday, January 27, 2023 5:43:02 PM EST Paul Moore wrote:
> On Fri, Jan 27, 2023 at 12:24 PM Richard Guy Briggs wrote:
> > Getting XATTRs is not particularly interesting security-wise.
> >
> > Suggested-by: Steve Grubb
> > Fixes: a56834e0fafe ("io_uring: add fgetxattr and getxattr support")
> > Signed-off-by: Richard Guy Briggs
> > ---
> >  io_uring/opdef.c | 2 ++
> >  1 file changed, 2 insertions(+)
>
> Depending on your security policy, fetching file data, including
> xattrs, can be interesting from a security perspective. As an
> example, look at the SELinux file/getattr permission.
>
> https://github.com/SELinuxProject/selinux-notebook/blob/main/src/object_classes_permissions.md#common-file-permissions

We're mostly interested in setting attributes because that changes policy.
Reading them is not interesting unless the access fails with EPERM.

I was updating the user space piece recently and saw there was a bunch of
"new" operations. I was commenting that we need to audit 5 or 6 of the "new"
operations such as IORING_OP_MKDIRAT or IORING_OP_SETXATTR. But now that I
see the patch, it looks like they are auditable and we can just let a couple
be skipped.

IORING_OP_MADVISE is not interesting as it just gives hints about the
expected access patterns of memory. If there were an equivalent of mprotect,
that would be of interest, but not madvise.

There are some I'm not sure about such as IORING_OP_MSG_RING and
IORING_OP_URING_CMD. What do they do?

-Steve

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
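As an added example (not code from this thread or from the kernel patch under discussion), here is a Python filter that applies the rule Steve states above to constructed URINGOP audit records: alert on attribute-setting operations, and on getxattr only when it failed with EPERM. The opcode numbers are an assumption taken from the io_uring uapi header, and the sample records are constructed, not captured.

```python
import re

# Opcode numbers are an assumption taken from include/uapi/linux/io_uring.h
# (6.x kernels); check them against the kernel you actually run.
OPCODES = {25: "IORING_OP_MADVISE", 37: "IORING_OP_MKDIRAT", 41: "IORING_OP_FSETXATTR",
           42: "IORING_OP_SETXATTR", 43: "IORING_OP_FGETXATTR", 44: "IORING_OP_GETXATTR"}
SET_OPS = {"IORING_OP_SETXATTR", "IORING_OP_FSETXATTR", "IORING_OP_MKDIRAT"}
GET_OPS = {"IORING_OP_GETXATTR", "IORING_OP_FGETXATTR"}
EPERM = 1  # errno value; audit reports a failed operation as a negative exit
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_uringop(line):
    """Split one audit record into a dict; return None unless it is a URINGOP."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("type") != "URINGOP":
        return None
    fields["uring_op"] = int(fields["uring_op"])
    fields["exit"] = int(fields["exit"])
    return fields

def classify(rec):
    """Setting attributes always matters; reading them matters only on EPERM."""
    name = OPCODES.get(rec["uring_op"], "unknown")
    if name in SET_OPS:
        return "alert"
    if name in GET_OPS and rec["success"] == "no" and rec["exit"] == -EPERM:
        return "alert"
    return "ignore"

def triage(lines):
    """Return (opcode name, verdict) for every URINGOP record in the input."""
    out = []
    for line in lines:
        rec = parse_uringop(line)
        if rec is not None:
            out.append((OPCODES.get(rec["uring_op"], "unknown"), classify(rec)))
    return out

# Constructed sample records, not captured from a real system.
SAMPLE = [
    "type=URINGOP msg=audit(1674926799.100:10): uring_op=44 success=yes exit=12 items=0 pid=1001 uid=1000",
    "type=URINGOP msg=audit(1674926799.101:11): uring_op=44 success=no exit=-1 items=0 pid=1001 uid=1000",
    "type=URINGOP msg=audit(1674926799.102:12): uring_op=42 success=yes exit=0 items=0 pid=1001 uid=1000",
    "type=URINGOP msg=audit(1674926799.103:13): uring_op=25 success=yes exit=0 items=0 pid=1001 uid=1000",
    "type=SYSCALL msg=audit(1674926799.104:14): arch=c000003e syscall=425 success=yes exit=3",
]
```

Calling `triage(SAMPLE)` flags the denied getxattr and the setxattr, and ignores the successful getxattr, the madvise and the non-URINGOP record.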