Re: CVE-2025-21830: landlock: Handle weird files

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

On Mon, Mar 10, 2025 at 01:00:50PM +0100, Mickaël Salaün wrote:
> Hi Greg,
> 
> FYI, I don't think this patch fixes a security issue.  If attackers can
> corrupt a filesystem, then they should already be able to harm the whole
> system.
> 
> The commit description might be a bit confusing, but from an access
> control point of view, the filesystem on which we spotted this issue
> (bcachefs) does not allow to open weird files (but they are still
> visible, hence this patch) and I guess it would be the same for other
> filesystems, right?  I'm not sure how a weird file could be used by user
> space.  See
> https://lore.kernel.org/all/Zpc46HEacI%2Fwd7Rg@dread.disaster.area/
> 
> The goal of this fix was mainly to not warn about a bcachefs issue (and
> avoid related syzkaller report for Landlock), and to harden Landlock in
> case other filesystems have this kind of bug.

It was issue a CVE because the reviewers thought that it was a way to
circumvent the landlock permission checks, based on the changelog text
(note, creating a "corrupted filesystem" is quite easy to get many Linux
systems to auto-mount it, so those types of issues do get assigned
CVEs.)

If you all do not think this meets the definition of a vulnerability as
defined by CVE.org as:
	An instance of one or more weaknesses in a Product that can be
	exploited, causing a negative impact to confidentiality, integrity, or
	availability; a set of conditions or behaviors that allows the
	violation of an explicit or implicit security policy.

We will be glad to revoke it, just let us know.

thanks,

greg k-h