[RFC][PATCH 0/8] Mount, FS, Block and Keyrings notifications [ver #2]
Andy Lutomirski
luto at kernel.org
Tue Jun 4 20:57:30 UTC 2019
On Tue, Jun 4, 2019 at 1:39 PM David Howells <dhowells at redhat.com> wrote:
>
> Andy Lutomirski <luto at kernel.org> wrote:
>
> > > Here's a set of patches to add a general variable-length notification queue
> > > concept and to add sources of events for:
> >
> > I asked before and didn't see a response, so I'll ask again. Why are you
> > paying any attention at all to the creds that generate an event?
>
> Casey responded to you. It's one of his requirements.
>
It being a "requirement" doesn't make it okay.
> However, the LSMs (or at least SELinux) ignore f_cred and use current_cred()
> when checking permissions. See selinux_revalidate_file_permission() for
> example - it uses current_cred() not file->f_cred to re-evaluate the perms,
> and the fd might be shared between a number of processes with different creds.
That's a bug. It's arguably a rather severe bug. If I ever get
around to writing the patch I keep thinking of that will warn if we
use creds from invalid contexts, it will warn.
Let's please not repeat this.
More information about the Linux-security-module-archive
mailing list