From: Richard Guy Briggs
To: Paul Moore
Cc: Jens Axboe, Christian Brauner, LKML, Pavel Begunkov, Linux-Audit Mailing List, Stefan Roesch, Eric Paris, io-uring@vger.kernel.org
Subject: Re: [PATCH v1 2/2] io_uring,audit: do not log IORING_OP_*GETXATTR
Date: Fri, 27 Jan 2023 18:01:37 -0500
List-Id: Linux Audit Discussion

On 2023-01-27 17:43, Paul Moore wrote:
> On Fri, Jan 27, 2023 at 12:24 PM Richard Guy Briggs wrote:
> > Getting XATTRs is not particularly interesting security-wise.
> >
> > Suggested-by: Steve Grubb
> > Fixes: a56834e0fafe ("io_uring: add fgetxattr and getxattr support")
> > Signed-off-by: Richard Guy Briggs
> > ---
> >  io_uring/opdef.c | 2 ++
> >  1 file changed, 2 insertions(+)
>
> Depending on your security policy, fetching file data, including
> xattrs, can be interesting from a security perspective.  As an
> example, look at the SELinux file/getattr permission.
>
> https://github.com/SELinuxProject/selinux-notebook/blob/main/src/object_classes_permissions.md#common-file-permissions

The intent here is to lessen the impact of audit operations.  Read and
Write were explicitly removed from io_uring auditing due to performance
concerns coupled with the denial of service implications from sheer
volume of records making other messages harder to locate.  Those
operations are still possible for syscall auditing but they are strongly
discouraged for normal use.  If the frequency of getxattr io_uring ops
is so infrequent as to be no distraction, then this patch may be more of
a liability than a benefit.

> > diff --git a/io_uring/opdef.c b/io_uring/opdef.c
> > index a2bf53b4a38a..f6bfe2cf078c 100644
> > --- a/io_uring/opdef.c
> > +++ b/io_uring/opdef.c
> > @@ -462,12 +462,14 @@ const struct io_op_def io_op_defs[] = {
> >  	},
> >  	[IORING_OP_FGETXATTR] = {
> >  		.needs_file = 1,
> > +		.audit_skip = 1,
> >  		.name = "FGETXATTR",
> >  		.prep = io_fgetxattr_prep,
> >  		.issue = io_fgetxattr,
> >  		.cleanup = io_xattr_cleanup,
> >  	},
> >  	[IORING_OP_GETXATTR] = {
> > +		.audit_skip = 1,
> >  		.name = "GETXATTR",
> >  		.prep = io_getxattr_prep,
> >  		.issue = io_getxattr,
> > --
> > 2.27.0
>
> --
> paul-moore.com
>
- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
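Review bot: the rationale for setting .audit_skip = 1 on IORING_OP_FGETXATTR and IORING_OP_GETXATTR in this hunk is not the one the commit message gives. The message says only "Getting XATTRs is not particularly interesting security-wise", which the reply in this thread disputes (SELinux checks file/getattr), while the reason actually argued for the change is record volume and the denial-of-service effect of flooding the audit log, the same reasoning applied to read and write. Put that rationale in the commit message together with the observed rate of these two ops relative to the other audited io_uring ops; the reply itself says that if the rate is low the patch is a liability, so the numbers decide it. Reconsider the "Fixes: a56834e0fafe" tag as well: dropping audit coverage for an op is a policy choice, not a defect in the commit that added the ops, and the tag invites backports to stable kernels that would then silently stop emitting audit records for these ops. The diffstat (2 insertions) shows the set-side xattr ops keep their records, which matches the read-versus-write distinction but should be stated explicitly so a later reader does not take the asymmetry for an oversight.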
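The reply above makes the decision turn on how often these io_uring ops actually appear in the audit stream compared with the noise they add. The script below, added here as an example and not code from the patch, the kernel, or either participant, tallies io_uring audit records per opcode and reports how many records the patch would silence. Its assumptions: io_uring ops are logged as type=URINGOP records carrying a uring_op=<n> field; the opcode numbers (FGETXATTR=43, GETXATTR=44, and the others in URING_OP_NAMES) follow the IORING_OP_* enum order and must be verified against your kernel's include/uapi/linux/io_uring.h; the sample log lines are constructed, not captured from a real host; and the function names are the script's own.

```python
"""Tally io_uring audit records per opcode and measure how many records
marking an op .audit_skip would suppress.

Added example, not code from the patch or the linux-audit thread.
Assumptions (verify against your kernel):
  - io_uring ops are logged as type=URINGOP records with a uring_op=<n>
    field (see kernel/auditsc.c on your tree)
  - opcode numbers follow the IORING_OP_* enum in
    include/uapi/linux/io_uring.h
  - SAMPLE_LOG is constructed, not captured from a real host
"""
import re
from collections import Counter

# Assumed opcode numbers (IORING_OP_* enum order); only the ops used here.
URING_OP_NAMES = {
    18: "OPENAT",
    21: "STATX",
    41: "FSETXATTR",
    42: "SETXATTR",
    43: "FGETXATTR",
    44: "GETXATTR",
}

# The two ops the patch marks .audit_skip = 1
PATCH_SKIPPED_OPS = {"FGETXATTR", "GETXATTR"}

RECORD_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample; trailing task fields shortened for readability.
SAMPLE_LOG = [
    'type=URINGOP msg=audit(1674860507.101:2001): uring_op=44 success=yes exit=0 items=0 ppid=1 pid=4242 uid=1000 gid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0',
    'type=URINGOP msg=audit(1674860507.102:2002): uring_op=44 success=yes exit=0 items=0 ppid=1 pid=4242 uid=1000 gid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0',
    'type=URINGOP msg=audit(1674860507.103:2003): uring_op=43 success=yes exit=0 items=0 ppid=1 pid=4242 uid=1000 gid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0',
    'type=URINGOP msg=audit(1674860507.104:2004): uring_op=42 success=no exit=-13 items=0 ppid=1 pid=4242 uid=1000 gid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0',
    'type=SYSCALL msg=audit(1674860507.105:2005): arch=c000003e syscall=191 success=yes exit=11 items=1 ppid=1 pid=4300 uid=1000 comm="getfattr" exe="/usr/bin/getfattr" key="xattr"',
    'type=PROCTITLE msg=audit(1674860507.105:2005): proctitle=6765746661747472002D6E00757365722E74657374002F746D702F66',
    'type=URINGOP msg=audit(1674860507.106:2006): uring_op=18 success=yes exit=7 items=1 ppid=1 pid=4242 uid=1000 gid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0',
    '---- truncated by the capture tool ----',
    'type=URINGOP msg=audit(1674860507.107:2007): uring_op=41 success=yes exit=0 items=0 ppid=1 pid=4242 uid=1000 gid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0',
]


def parse_record(line):
    """Return {'type', 'ts', 'serial', <key=value fields>...} or None for non-audit text."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, rest = m.groups()
    rec = {"type": rtype, "ts": float(ts), "serial": int(serial)}
    for key, val in FIELD_RE.findall(rest):
        rec.setdefault(key, val.strip('"'))  # first occurrence wins
    return rec


def uring_op_name(rec):
    """Opcode name for a URINGOP record ('op<n>' if unknown); None for other record types."""
    if rec.get("type") != "URINGOP" or "uring_op" not in rec:
        return None
    op = int(rec["uring_op"])
    return URING_OP_NAMES.get(op, f"op{op}")


def uring_op_counts(lines):
    """Records per io_uring opcode: the frequency figure a reviewer would ask for."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        name = uring_op_name(rec) if rec else None
        if name:
            counts[name] += 1
    return counts


def records_suppressed_by(lines, skipped_ops=PATCH_SKIPPED_OPS):
    """(records that vanish if skipped_ops get .audit_skip = 1, total parsed records)."""
    suppressed = total = 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        total += 1
        if uring_op_name(rec) in skipped_ops:
            suppressed += 1
    return suppressed, total


if __name__ == "__main__":
    for name, n in uring_op_counts(SAMPLE_LOG).most_common():
        print(f"{name:10s} {n}")
    gone, total = records_suppressed_by(SAMPLE_LOG)
    print(f"patch would drop {gone}/{total} records ({100.0 * gone / total:.1f}%)")
```

Feed it a real audit.log (or the output of ausearch) in place of SAMPLE_LOG; if the two get-side ops are a negligible fraction of the records, the volume argument does not hold and the SELinux getattr objection wins, which is the test the reply itself proposes.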