[PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.

James Morris jmorris at namei.org
Mon Apr 22 22:52:05 UTC 2019


On Mon, 22 Apr 2019, Tetsuo Handa wrote:

> James, will you apply this patch and
> "[PATCH 3/3] tomoyo: Check address length before reading address family" and
> "[PATCH] tomoyo: Change pathname calculation for read-only filesystems." ?

On the 2nd one, did we see any feedback from Al?


> 
> On 2019/04/12 20:04, Tetsuo Handa wrote:
> > syzbot is reporting kernel panic triggered by memory allocation fault
> > injection before loading TOMOYO's policy [1]. To make the fuzzing tests
> > useful, we need to assign a profile other than "disabled" (no-op) mode.
> > Therefore, let's allow syzbot to load TOMOYO's built-in policy for
> > "learning" mode using a kernel config option. This option must not be
> > enabled for kernels built for production system, for this option also
> > disables domain/program checks when modifying policy configuration via
> > /sys/kernel/security/tomoyo/ interface.
> > 
> > [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95
> > 
> > Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab at syzkaller.appspotmail.com>
> > Reported-by: syzbot <syzbot+29569ed06425fcf67a95 at syzkaller.appspotmail.com>
> > Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb at syzkaller.appspotmail.com>
> > Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> > ---
> >  security/tomoyo/Kconfig  | 10 ++++++++++
> >  security/tomoyo/common.c | 13 ++++++++++++-
> >  2 files changed, 22 insertions(+), 1 deletion(-)
> 

-- 
James Morris
<jmorris at namei.org>



More information about the Linux-security-module-archive mailing list