[PATCH v1] fs: Fix inconsistent f_mode
Paul Moore
paul at paul-moore.com
Sat Mar 12 15:17:25 UTC 2022
On Fri, Mar 11, 2022 at 8:35 PM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
> On 2022/03/12 7:15, Paul Moore wrote:
> > The silence on this has been deafening :/ No thoughts on fixing, or
> > not fixing OPEN_FMODE(), Al?
>
> On 2022/03/01 19:15, Mickaël Salaün wrote:
> >
> > On 01/03/2022 10:22, Christian Brauner wrote:
> >> That specific part seems a bit risky at first glance. Given that the
> >> patch referenced is from 2009 this means we've been allowing O_WRONLY |
> >> O_RDWR to succeed for almost 13 years now.
> >
> > Yeah, it's an old bug, but we should keep in mind that a file descriptor
> > created with such flags cannot be used to read nor write. However,
> > unfortunately, it can be used for things like ioctl, fstat, chdir… I
> > don't know if there is any user of this trick.
>
> I got a reply from Al at https://lkml.kernel.org/r/20090212032821.GD28946@ZenIV.linux.org.uk
> that sys_open(path, 3) is for ioctls only. And I'm using this trick when opening something
> for ioctls only.
Thanks Tetsuo, that's helpful. After reading your email I went
digging around to see if this was documented anywhere, and buried in
the open(2) manpage, towards the bottom under the "File access mode"
header, is this paragraph:
"Linux reserves the special, nonstandard access mode 3 (binary 11)
in flags to mean: check for read and write permission on the file
and return a file descriptor that can't be used for reading or
writing. This nonstandard access mode is used by some Linux
drivers to return a file descriptor that is to be used only for
device-specific ioctl(2) operations."
I learned something new today :) With this in mind it looks like
doing a SELinux file:ioctl check is the correct thing to do.
Thanks again Tetsuo for clearing things up.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list