From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: TongZhang <ztong@vt.edu>,
linux-xfs@vger.kernel.org,
"security@kernel.org>" <security@kernel.org>,
wenbo.s@samsung.com, ahmedmoneeb@gmail.com
Subject: Re: Missing security_inode_readlink() in xfs_file_ioctl()
Date: Fri, 10 Aug 2018 09:09:31 -0700 [thread overview]
Message-ID: <20180810160931.GF12194@magnolia> (raw)
In-Reply-To: <20180810092229.rq7m4zdq75tsggqv@mwanda>
On Fri, Aug 10, 2018 at 12:22:29PM +0300, Dan Carpenter wrote:
> Hi XFS devs,
>
> We received this email on security@kernel.org. This is under
> CAP_SYS_ADMIN, but it maybe should also check with selinux?
Hmm, so the point of adding a security_inode_readlink call would be to
restrict userland access xfs_readlink_by_handle further in case the
system has a policy whereby even possessing CAP_SYS_ADMIN is not by
itself sufficient to be able to read a symlink?
IOWs, are there security policies where CAP_SYS_ADMIN isn't a "get
access to everything" wildcard? I imagine the answer is "yes" and
therefore xfs needs the call, but I thought I'd ask first.
--D
> regards,
> dan carpenter
>
> On Thu, Aug 09, 2018 at 05:59:50PM -0700, TongZhang wrote:
> > [1.] One line summary of the problem:
> >
> > Possible missing security_inode_readlink() in xfs_file_ioctl()
> >
> > [2.] Full description of the problem/report:
> >
> > We noticed a use of vfs_readlink() in xfs_file_ioctl(), which should have been checked by
> > security_inode_readlink().
> >
> > The callgraph is:
> > xfs_file_ioctl()->xfs_readlink_by_handle()->vfs_readlink()
> >
> > This path allows user to do things similar to SyS_readlinkat(), and the parameters are
> > user controllable.
> >
> >
> > [3.] Keywords: LSM check
> > [4.] Kernel information
> > [4.1] Kernel Version: 4.14.61
> >
> >
> > - Tong
next prev parent reply other threads:[~2018-08-10 18:40 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <41DC519D-83A7-4964-A6C8-B16CFEEDB65F@vt.edu>
2018-08-10 9:22 ` Missing security_inode_readlink() in xfs_file_ioctl() Dan Carpenter
2018-08-10 16:09 ` Darrick J. Wong [this message]
2018-08-10 16:34 ` Linus Torvalds
2018-08-10 19:02 ` Dan Carpenter
2018-08-13 7:35 ` Carlos Maiolino
2018-08-13 8:30 ` Dan Carpenter
2018-08-13 22:22 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180810160931.GF12194@magnolia \
--to=darrick.wong@oracle.com \
--cc=ahmedmoneeb@gmail.com \
--cc=dan.carpenter@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=security@kernel.org \
--cc=wenbo.s@samsung.com \
--cc=ztong@vt.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).