CVE-2025-21830: landlock: Handle weird files
Kent Overstreet
kent.overstreet at linux.dev
Mon Mar 10 13:49:12 UTC 2025
On Mon, Mar 10, 2025 at 01:00:50PM +0100, Mickaël Salaün wrote:
> Hi Greg,
>
> FYI, I don't think this patch fixes a security issue. If attackers can
> corrupt a filesystem, then they should already be able to harm the whole
> system.
>
> The commit description might be a bit confusing, but from an access
> control point of view, the filesystem on which we spotted this issue
> (bcachefs) does not allow to open weird files (but they are still
> visible, hence this patch) and I guess it would be the same for other
> filesystems, right? I'm not sure how a weird file could be used by user
> space. See
> https://lore.kernel.org/all/Zpc46HEacI%2Fwd7Rg@dread.disaster.area/
>
> The goal of this fix was mainly to not warn about a bcachefs issue (and
> avoid related syzkaller report for Landlock), and to harden Landlock in
> case other filesystems have this kind of bug.
Agreed - why was a CVE assigned?
More information about the Linux-security-module-archive
mailing list