Leaking Path in XFS's ioctl interface(missing LSM check)
James Morris
jmorris at namei.org
Thu Sep 27 21:23:42 UTC 2018
On Thu, 27 Sep 2018, Dave Chinner wrote:
> Sure, but there are so many CAP_SYS_ADMIN-only ioctls in the kernel
> that have no LSM coverage that this is not an isolated problem that
> people setting up such systems have to deal with.

I could be missing something here, but all ioctls are mediated by LSM at a
high level (security_file_ioctl). Some problematic ones are singled out at
that point by LSMs for special handling.
--
James Morris
<jmorris at namei.org>