Leaking Path in XFS's ioctl interface(missing LSM check)

Leaking Path in XFS's ioctl interface(missing LSM check) · TongZhang <hidden> · 2018-09-26
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Dave Chinner <david@fromorbit.com> · 2018-09-26
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Stephen Smalley <hidden> · 2018-09-26
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Dave Chinner <david@fromorbit.com> · 2018-09-27
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Alan Cox <hidden> · 2018-09-26
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Dave Chinner <david@fromorbit.com> · 2018-09-27
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · James Morris <jmorris@namei.org> · 2018-09-27
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Dave Chinner <david@fromorbit.com> · 2018-09-27
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2018-09-27
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Alan Cox <hidden> · 2018-09-30
Re: Leaking Path in XFS's ioctl interface(missing LSM check) · Dave Chinner <david@fromorbit.com> · 2018-10-01

From: jmorris@namei.org (James Morris)
Date: 2018-09-27 21:23:52
Also in: linux-xfs, lkml

On Thu, 27 Sep 2018, Dave Chinner wrote:

Sure, but there are so many CAP_SYS_ADMIN-only ioctls in the kernel
that have no LSM coverage that this is not an isolated problem that
people setting up such systems have to deal with.

I could be missing something here, but all ioctls are mediated by LSM at a 
high level (security_file_ioctl). Some problematic ones are singled out at 
that point by LSMs for special handling.


-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help