Thread (7 messages) 7 messages, 5 authors, 2018-08-14

Re: Missing security_inode_readlink() in xfs_file_ioctl()

From: Carlos Maiolino <hidden>
Date: 2018-08-13 10:16:34

On Fri, Aug 10, 2018 at 10:02:17PM +0300, Dan Carpenter wrote:
On Fri, Aug 10, 2018 at 09:09:31AM -0700, Darrick J. Wong wrote:
quoted
On Fri, Aug 10, 2018 at 12:22:29PM +0300, Dan Carpenter wrote:
quoted
Hi XFS devs,

We received this email on security@kernel.org.  This is under
CAP_SYS_ADMIN, but it maybe should also check with selinux?
Hmm, so the point of adding a security_inode_readlink call would be to
restrict userland access xfs_readlink_by_handle further in case the
system has a policy whereby even possessing CAP_SYS_ADMIN is not by
itself sufficient to be able to read a symlink?

IOWs, are there security policies where CAP_SYS_ADMIN isn't a "get
access to everything" wildcard?  I imagine the answer is "yes" and
therefore xfs needs the call, but I thought I'd ask first.
Yeah...  Forget about it.  I pushed this out to you without really
thinking about it, just to get it off my todo list and that wasn't the
right thing.
Just thought it was worth to mention...

A long time ago, I've seen implementations where the system administration was
split between a sys admin and a 'security admin', where the security admin
removed some root permissions, and so, some very specific tasks could only be
done by the security admin.
All these were enforced by selinux.
Although, I don't see such implementations in ages, I still think they are out
there.

Cheers
regards,
dan carpenter
-- 
Carlos
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help