iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Ondrej Mosnacek aa5f2912bb fs: don't audit the capability check in simple_xattr_list() 
[ Upstream commit e7eda157c4071cd1e69f4b1687b0fbe1ae5e6f46 ]

The check being unconditional may lead to unwanted denials reported by
LSMs when a process has the capability granted by DAC, but denied by an
LSM. In the case of SELinux such denials are a problem, since they can't
be effectively filtered out via the policy and when not silenced, they
produce noise that may hide a true problem or an attack.

Checking for the capability only if any trusted xattr is actually
present wouldn't really address the issue, since calling listxattr(2) on
such node on its own doesn't indicate an explicit attempt to see the
trusted xattrs. Additionally, it could potentially leak the presence of
trusted xattrs to an unprivileged user if they can check for the denials
(e.g. through dmesg).

Therefore, it's best (and simplest) to keep the check unconditional and
instead use ns_capable_noaudit() that will silence any associated LSM
denials.

Fixes: 38f38657444d ("xattr: extract simple_xattr code from tmpfs")
Reported-by: Martin Pitt <mpitt@redhat.com>
Suggested-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-01-14 10:15:16 +01:00
..
9p
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
2022-06-22 14:13:12 +02:00
adfs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-10-24 12:26:05 -07:00
affs
fs/affs: release old buffer head on error path
2021-03-04 11:38:37 +01:00
afs
afs: Fix fileserver probe RTT handling
2022-12-08 11:23:56 +01:00
autofs
autofs: harden ioctl table
2020-10-16 11:11:22 -07:00
befs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
bfs
bfs: don't use WARNING: string when it's just info.
2021-01-06 14:56:52 +01:00
btrfs
btrfs: send: avoid unaligned encoded writes when attempting to clone range
2022-12-14 11:31:53 +01:00
cachefiles
fs/cachefiles: Remove wait_bit_key layout dependency
2021-03-30 14:32:07 +02:00
ceph
ceph: fix NULL pointer dereference for req->r_session
2022-12-02 17:40:03 +01:00
cifs
cifs: add check for returning value of SMB2_set_info_init
2022-11-25 17:45:48 +01:00
coda
configfs
configfs: fix a race in configfs_{,un}register_subsystem()
2022-03-02 11:42:52 +01:00
cramfs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
crypto
fscrypt: fix keyring memory leak on mount failure
2022-11-10 18:14:25 +01:00
debugfs
debugfs: add debugfs_lookup_and_remove()
2022-09-15 11:32:03 +02:00
devpts
fsnotify: fix fsnotify hooks in pseudo filesystems
2022-02-01 17:25:39 +01:00
dlm
fs: dlm: handle -EBUSY first in lock arg validation
2022-10-26 13:25:08 +02:00
ecryptfs
Revert "ecryptfs: replace BUG_ON with error handling code"
2021-05-26 12:06:55 +02:00
efivarfs
efivarfs: revert "fix memory leak in efivarfs_create()"
2020-11-25 16:55:02 +01:00
efs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
erofs
erofs: avoid consecutive detection for Highmem memory
2022-08-21 15:15:35 +02:00
exfat
exfat: check if cluster num is valid
2022-06-06 08:42:42 +02:00
exportfs
ext2
ext2: Add more validity checks for inode counts
2022-08-21 15:15:28 +02:00
ext4
ext4: fix use-after-free in ext4_ext_shift_extents
2022-12-02 17:40:02 +01:00
f2fs
ext4,f2fs: fix readahead of verity data
2022-11-10 18:14:29 +01:00
fat
fat: add ratelimit to fat*_ent_bread()
2022-06-09 10:20:58 +02:00
freevxfs
fscache
fscache: Fix cookie key hashing
2021-09-18 13:40:15 +02:00
fuse
fuse: always revalidate if exclusive create
2022-12-19 12:27:31 +01:00
gfs2
gfs2: Switch from strlcpy to strscpy
2022-11-25 17:45:56 +01:00
hfs
hfs: add lock nesting notation to hfs_find_init
2021-07-31 08:16:12 +02:00
hfsplus
hfsplus: prevent corruption in shrinking truncate
2021-05-19 10:13:10 +02:00
hostfs
hostfs: fix memory handling in follow_link()
2021-04-14 08:42:06 +02:00
hpfs
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
hugetlbfs
mm, hugetlb: allow for "high" userspace addresses
2022-04-27 13:53:54 +02:00
iomap
xfs: use current->journal_info for detecting transaction recursion
2022-07-07 17:52:19 +02:00
isofs
isofs: Fix out of bound access for corrupted isofs image
2021-11-12 14:58:33 +01:00
jbd2
jbd2: add miss release buffer head in fc_do_one_pass()
2022-10-26 13:25:13 +02:00
jffs2
jffs2: fix memory leak in jffs2_do_fill_super
2022-06-14 18:32:35 +02:00
jfs
fs: jfs: fix possible NULL pointer dereference in dbFree()
2022-06-09 10:20:57 +02:00
kernfs
kernfs: fix use-after-free in __kernfs_remove
2022-11-03 23:57:50 +09:00
lockd
lockd: lockd server-side shouldn't set fl_ops
2021-09-18 13:40:30 +02:00
minix
minix: fix bug when opening a file with O_DIRECT
2022-04-13 21:01:01 +02:00
nfs
NFSv4: Retry LOCK on OLD_STATEID during delegation return
2022-11-25 17:45:40 +01:00
nfs_common
nfs_common: need lock during iterate through the list
2020-12-30 11:53:45 +01:00
nfsd
vfs: fix copy_file_range() averts filesystem freeze protection
2022-12-19 12:27:30 +01:00
nilfs2
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
2022-12-08 11:23:57 +01:00
nls
notify
fsnotify: fix wrong lockdep annotations
2022-06-09 10:21:03 +02:00
ntfs
ntfs: check overflow when iterating ATTR_RECORDs
2022-11-25 17:45:57 +01:00
ocfs2
ocfs2: fix BUG when iput after ocfs2_mknod fails
2022-10-30 09:41:15 +01:00
omfs
fs: omfs: use kmemdup() rather than kmalloc+memcpy
2020-09-22 23:39:45 -04:00
openpromfs
orangefs
orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
2022-01-20 09:17:50 +01:00
overlayfs
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
2022-08-21 15:15:23 +02:00
proc
Revert "proc: don't allow async path resolution of /proc/self components"
2023-01-04 11:39:24 +01:00
pstore
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
2023-01-14 10:15:14 +01:00
qnx4
qnx4: work around gcc false positive warning bug
2021-09-30 10:11:08 +02:00
qnx6
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
quota
quota: Check next/prev free block number after reading from quota file
2022-10-26 13:25:09 +02:00
ramfs
ramfs: fix nommu mmap with gaps in the page cache
2020-10-16 11:11:22 -07:00
reiserfs
reiserfs: check directory items on read from disk
2021-08-12 13:22:19 +02:00
romfs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-10-24 12:26:05 -07:00
squashfs
squashfs: fix divide error in calculate_skip()
2021-05-19 10:13:10 +02:00
sysfs
sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
2020-10-02 12:02:30 +02:00
sysv
[PATCH] reduce boilerplate in fsid handling
2020-09-18 16:45:50 -04:00
tracefs
tracefs: Only clobber mode/uid/gid on remount if asked
2022-09-20 12:38:31 +02:00
ubifs
ubifs: Rectify space amount budget for mkdir/tmpfile operations
2022-04-13 21:00:53 +02:00
udf
udf: Fix extending file within last block
2022-12-21 17:32:06 +01:00
ufs
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-10-24 12:26:05 -07:00
unicode
unicode: Add utf8_casefold_hash
2020-09-10 14:03:31 -07:00
vboxsf
vboxfs: fix broken legacy mount signature checking
2021-10-17 10:43:33 +02:00
verity
fs-verity: fix signed integer overflow with i_size near S64_MAX
2021-10-06 15:55:46 +02:00
xfs
xfs: validate inode fork size against fork format
2022-09-28 11:10:29 +02:00
zonefs
zonefs: fix zone report size in __zonefs_io_error()
2022-12-02 17:40:05 +01:00
aio.c
aio: fix use-after-free due to missing POLLFREE handling
2021-12-14 11:32:40 +01:00
anon_inodes.c
attr.c
vfs: Check the truncate maximum size in inode_newsize_ok()
2022-08-21 15:15:22 +02:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
coredump: Snapshot the vmas in do_coredump
2022-04-08 14:40:44 +02:00
binfmt_elf.c
fs/binfmt_elf: Fix memory leak in load_elf_binary()
2022-11-03 23:57:49 +09:00
binfmt_em86.c
binfmt_flat.c
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-09 10:20:47 +02:00
binfmt_misc.c
binfmt_misc: fix possible deadlock in bm_register_write
2021-03-17 17:06:35 +01:00
binfmt_script.c
block_dev.c
block: fix a race between del_gendisk and BLKRRPART
2021-06-03 09:00:45 +02:00
buffer.c
mm: fs: initialize fsdata passed to write_begin/write_end interface
2022-11-25 17:45:56 +01:00
char_dev.c
compat_binfmt_elf.c
coredump.c
coredump: Limit what can interrupt coredumps
2023-01-04 11:39:22 +01:00
d_path.c
fs: fix NULL dereference due to data race in prepend_path()
2020-10-14 14:54:45 -07:00
dax.c
dax: fix cache flush on PMD-mapped pages
2022-06-09 10:21:16 +02:00
dcache.c
dcookies.c
direct-io.c
fs: direct-io: fix missing sdio->boundary
2021-04-14 08:41:58 +02:00
drop_caches.c
eventfd.c
eventfd: provide a eventfd_signal_mask() helper
2023-01-04 11:39:24 +01:00
eventpoll.c
eventpoll: add EPOLL_URING_WAKE poll wakeup flag
2023-01-04 11:39:24 +01:00
exec.c
exec: Copy oldsighand->action under spin-lock
2022-11-03 23:57:49 +09:00
fcntl.c
fcntl: fix potential deadlocks for &fown_struct.lock
2022-10-30 09:41:18 +01:00
fhandle.c
file_table.c
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
2022-05-18 10:23:48 +02:00
file.c
fs: provide locked helper variant of close_fd_get_file()
2023-01-04 11:39:18 +01:00
filesystems.c
fs_context.c
memcg: charge fs_context and legacy_fs_context
2022-02-08 18:30:36 +01:00
fs_parser.c
fs_parse: mark fs_param_bad_value() as static
2020-10-13 18:38:27 -07:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
2022-06-09 10:21:22 +02:00
fsopen.c
init.c
inode.c
fs: fix UAF/GPF bug in nilfs_mdt_destroy
2022-10-15 07:55:51 +02:00
internal.h
fs: provide locked helper variant of close_fd_get_file()
2023-01-04 11:39:18 +01:00
ioctl.c
fs: fix an infinite loop in iomap_fiemap
2022-05-25 09:17:54 +02:00
Kconfig
tmpfs: disallow CONFIG_TMPFS_INODE64 on alpha
2021-02-17 11:02:21 +01:00
Kconfig.binfmt
kernel_read_file.c
vfs: check fd has read access in kernel_read_file_from_fd()
2021-10-27 09:56:51 +02:00
libfs.c
libfs: fix error cast of negative value in simple_attr_write()
2020-11-22 10:48:22 -08:00
locks.c
Revert "nfsd4: a client's own opens needn't prevent delegations"
2021-03-20 10:43:44 +01:00
Makefile
io_uring: import 5.15-stable io_uring
2023-01-04 11:39:23 +01:00
mbcache.c
mount.h
mpage.c
namei.c
fs: make do_renameat2() take struct filename
2023-01-04 11:39:18 +01:00
namespace.c
fs: warn about impending deprecation of mandatory locks
2021-08-26 08:35:57 -04:00
no-block.c
nsfs.c
open.c
fs: expose LOOKUP_CACHED through openat2() RESOLVE_CACHED
2023-01-04 11:39:17 +01:00
pipe.c
pipe: Fix missing lock in pipe_resize_ring()
2022-06-06 08:42:41 +02:00
pnode.c
pnode.h
mount: fix mounting of detached mounts onto targets that reside on shared mounts
2021-03-17 17:06:13 +01:00
posix_acl.c
proc_namespace.c
proc mountinfo: make splice available again
2020-12-30 11:54:02 +01:00
read_write.c
vfs: fix copy_file_range() averts filesystem freeze protection
2022-12-19 12:27:30 +01:00
readdir.c
readdir: make sure to verify directory entry for legacy interfaces too
2021-04-21 13:00:54 +02:00
remap_range.c
fs/remap: constrain dedupe of EOF blocks
2022-07-21 21:20:01 +02:00
select.c
select: Fix indefinitely sleeping task in poll_schedule_timeout()
2022-01-29 10:26:11 +01:00
seq_file.c
seq_file: disallow extremely large seq buffer allocations
2021-07-20 16:05:59 +02:00
signalfd.c
io_uring: disable polling pollfree files
2022-09-05 10:28:58 +02:00
splice.c
Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
2022-10-17 17:26:07 +02:00
stack.c
stat.c
stat: fix inconsistency between struct stat and struct compat_stat
2022-04-27 13:53:54 +02:00
statfs.c
super.c
fscrypt: fix keyring memory leak on mount failure
2022-11-10 18:14:25 +01:00
sync.c
vfs: make sync_filesystem return errors from ->sync_fs
2022-08-31 17:15:14 +02:00
timerfd.c
userfaultfd.c
userfaultfd: open userfaultfds with O_RDONLY
2022-10-26 13:25:17 +02:00
utimes.c
xattr.c
fs: don't audit the capability check in simple_xattr_list()
2023-01-14 10:15:16 +01:00