Commit 13c164b1a186 - regression for LSMs/SELinux?

Linus Torvalds torvalds at linux-foundation.org
Mon Sep 21 16:27:28 UTC 2020


On Mon, Sep 21, 2020 at 9:09 AM Christoph Hellwig <hch at lst.de> wrote:
>
> So we obviously should not break existing user space and need to fix
> this ASAP.  The trivial "fix" would be to export __kernel_write again
> and switch autofs to use it.  The other option would be a FMODE flag
> to bypass security checks, only to be set if the callers ensure
> they've been validated (i.e. in autofs_prepare_pipe).
>
> Any opinions?

I'd much rather do the former than add a new dynamic flag that we then
have to worry about somebody being able to set thanks to a bug.

Static behavior is a lot easier to verify and document (ie just a
comment in the code explaining why autofs cannot use the regular
kernel_write()). There's no chance of that static behavior then
leaking to other call sites.

                   Linus


