From: Kees Cook <keescook@chromium.org>
To: "Jérémie Galarneau" <jeremie.galarneau@efficios.com>
Cc: s.mesoraca16@gmail.com, viro@zeniv.linux.org.uk,
dan.carpenter@oracle.com, akpm@linux-foundation.org,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
lkml <linux-kernel@vger.kernel.org>,
torvalds@linux-foundation.org, solar@openwall.com
Subject: Re: Unmerged patches adding audit when protected_regular/fifos sysctl causes EACCES
Date: Wed, 25 Sep 2019 13:12:37 -0700 [thread overview]
Message-ID: <201909251307.B970AF1E7@keescook> (raw)
In-Reply-To: <CA+jJMxvkqjXHy3DnV5MVhFTL2RUhg0WQ-XVFW3ngDQOdkFq0PA@mail.gmail.com>
On Wed, Sep 25, 2019 at 02:58:28PM -0400, Jérémie Galarneau wrote:
> Hi Kees,
>
> I have noticed that the two top-most patches of your protected-creat
> branch were never merged upstream [1]. Those patches add audit logs
> whenever the protected_regular or protected_fifo sysctl prevent the
> creation of a file/fifo.
>
> They were mentioned in the v4 thread [2] of the "main" patch and
> seemed acceptable, but they were no longer mentioned in v5 [3], which
> was merged.
>
> Now that systemd enables those sysctls by default (v241+), I got
> bitten pretty hard by this check and it took me a while to figure out
> what was happening [4]. I ended up catching it by adding a bunch of
> printk(), including where you proposed to add an audit log statement.
>
> I just found your two patches while implementing what you proposed almost 1:1.
>
> Was there a reason why those were abandoned? Otherwise, would you mind
> resubmitting them?
Hi!
There was concern about getting buy-in from the audit folks delaying
things even more. Instead of waiting for that, as it had already taken
a long time to get consensus even on the functionality, they were
dropped.
I'll rebase them and send them out again; thanks for the ping!
-Kees
>
> Thanks!
> Jérémie
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/userspace/protected-creat
> [2] https://lkml.org/lkml/2018/4/10/840
> [3] https://lore.kernel.org/lkml/20180416175918.GA13494@beast/
> [4] https://github.com/lttng/lttng-tools/commit/cf86ff2c4ababd01fea7ab2c9c289cb7c0a1bcd5
>
> --
> Jérémie Galarneau
> EfficiOS Inc.
> http://www.efficios.com
--
Kees Cook
next prev parent reply other threads:[~2019-09-25 20:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-25 18:58 Unmerged patches adding audit when protected_regular/fifos sysctl causes EACCES Jérémie Galarneau
2019-09-25 20:12 ` Kees Cook [this message]
2019-09-25 20:23 ` Mathieu Desnoyers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201909251307.B970AF1E7@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=dan.carpenter@oracle.com \
--cc=jeremie.galarneau@efficios.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=s.mesoraca16@gmail.com \
--cc=solar@openwall.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox