Date: Sun, 31 Jul 2016 10:55:04 +0000 From: "Reshetova, Elena" <elena.reshetova@...el.com> To: Jann Horn <jann@...jh.net>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> CC: "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "keescook@...omium.org" <keescook@...omium.org>, "spender@...ecurity.net" <spender@...ecurity.net>, "jmorris@...ei.org" <jmorris@...ei.org>, "Schaufler, Casey" <casey.schaufler@...el.com>, "Leibowitz, Michael" <michael.leibowitz@...el.com>, "Roberts, William C" <william.c.roberts@...el.com> Subject: RE: [RFC] [PATCH 1/5] path_fchdir and path_fhandle LSM hooks On Fri, Jul 29, 2016 at 10:34:36AM +0300, Elena Reshetova wrote: > This introduces two new LSM hooks operating on paths. > > - security_path_fchdir() checks for permission on > changing working directory. It can be used by > LSMs concerned on fchdir system call >I don't think security_path_fchdir() is a good abstraction level. It neither covers the whole case of "cwd is changed" nor does it cover the whole case of "someone uses a file descriptor to a directory to look up stuff outside that directory". Do you have a suggestion on what can be a good place? >For example, security_path_fchdir() seems to be intended to prevent the use of a leaked file descriptor to the outside world for accessing other files in the outside world. Yes, this was exactly the use case. >But this is trivially bypassed by first using openat() directly instead of fchdir()+open() (something that used to work against grsecurity, but was fixed quite a while ago). The way it has been addressed in grsecurity is having a check inside filename_lookup() , but it doesn't look a very great place for putting a hook. I was thinking about it , but so far didn't find any other good alternatives. Download attachment "smime.p7s" of type "application/pkcs7-signature" (7586 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.