[PATCH] SELinux: Check correct permissions for FS_IOC32_*

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

From: Alfred Piccioni <alpic@google.com>
To: Paul Moore <paul@paul-moore.com>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Eric Paris <eparis@parisplace.org>
Cc: stable@vger.kernel.org, selinux@vger.kernel.org,
	linux-kernel@vger.kernel.org, Alfred Piccioni <alpic@google.com>
Subject: [PATCH] SELinux: Check correct permissions for FS_IOC32_*
Date: Wed,  6 Sep 2023 12:25:57 +0200	[thread overview]
Message-ID: <20230906102557.3432236-1-alpic@google.com> (raw)

Some ioctl commands do not require ioctl permission, but are routed to
other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is
done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*).

However, if a 32-bit process is running on a 64-bit kernel, it emmits
32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are
being checked erroneoulsy, which leads to these ioctl operations being
routed to the ioctl permission, rather than the correct file permissions.

Two possible solutions exist:

- Trim parameter "cmd" to a u16 so that only the last two bytes are
  checked in the case statement.

- Explicitily add the FS_IOC32_* codes to the case statement.

Solution 2 was chosen because it is a minimal explicit change. Solution
1 is a more elegant change, but is less explicit, as the switch
statement appears to only check the FS_IOC_* codes upon first reading.

Fixes: 0b24dcb7f2f7 ("Revert "selinux: simplify ioctl checking"")
Signed-off-by: Alfred Piccioni <alpic@google.com>
---
 security/selinux/hooks.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d06e350fedee..bba83f437a1d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3644,11 +3644,15 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 	case FIGETBSZ:
 	case FS_IOC_GETFLAGS:
 	case FS_IOC_GETVERSION:
+	case FS_IOC32_GETFLAGS:
+	case FS_IOC32_GETVERSION:
 		error = file_has_perm(cred, file, FILE__GETATTR);
 		break;

 	case FS_IOC_SETFLAGS:
 	case FS_IOC_SETVERSION:
+	case FS_IOC32_SETFLAGS:
+	case FS_IOC32_SETVERSION:
 		error = file_has_perm(cred, file, FILE__SETATTR);
 		break;

base-commit: 50a510a78287c15cee644f345ef8bac8977986a7
-- 
2.42.0.283.g2d96d420d3-goog

next             reply	other threads:[~2023-09-06 10:26 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-06 10:25 Alfred Piccioni [this message]
2023-09-06 10:28 ` [PATCH] SELinux: Check correct permissions for FS_IOC32_* kernel test robot
2023-09-06 11:59 ` [PATCH V2] " Alfred Piccioni
2023-09-06 17:49   ` Stephen Smalley
2023-09-08 22:54   ` kernel test robot
2023-09-11 13:19     ` Stephen Smalley
2023-09-11 13:49       ` Stephen Smalley
2023-09-12  9:00         ` Alfred Piccioni
2023-09-12 12:00           ` Stephen Smalley
2023-09-12 15:46             ` Mickaël Salaün
2023-09-13  3:52       ` Paul Moore
2023-12-18 12:41 ` [PATCH] SELinux: Introduce security_file_ioctl_compat hook Alfred Piccioni
2023-12-18 13:46   ` Stephen Smalley
2023-12-18 13:50     ` Stephen Smalley
2023-12-19  9:09 ` [PATCH] security: new security_file_ioctl_compat() hook Alfred Piccioni
2023-12-19  9:10   ` Alfred Piccioni
2023-12-20 14:38     ` Alfred Piccioni
2023-12-20 15:34     ` Stephen Smalley
2023-12-23 14:41     ` Tetsuo Handa
2023-12-20 17:31   ` Stephen Smalley
2023-12-20 18:48   ` Eric Biggers
2023-12-23  1:23   ` Paul Moore
2023-12-23 10:48     ` Tetsuo Handa
2023-12-24 19:58       ` Paul Moore
2023-12-23 15:34     ` Eric Biggers
2023-12-24 20:00       ` Paul Moore
2023-12-24 20:09         ` Paul Moore
2023-12-23 17:54     ` Casey Schaufler
2023-12-24 20:53   ` Paul Moore
2023-12-27  4:43     ` Eric Biggers

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d06e350fede dfblob:bba83f437a1 )
 OR (
bs:"[PATCH] SELinux: Check correct permissions for FS_IOC32_*" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230906102557.3432236-1-alpic@google.com \
    --to=alpic@google.com \
    --cc=eparis@parisplace.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox