LSM: Whiteout chardev creation sidesteps mknod hook

Miklos Szeredi miklos at szeredi.hu
Mon Apr 13 10:18:08 UTC 2026


On Sat, 11 Apr 2026 at 10:36, Günther Noack <gnoack at google.com> wrote:

> I also don't currently see how an attacker would abuse this, but I still see
> this as a violation of Landlock's security model if we can create a policy that
> denies the creation of character device directory entries, and then we still
> have a way to make them appear there where we previously had a different file.

Look: a whiteout is a whiteout, NOT a character device.  Don't let the
fact that it's represented by "c 0 0" fool you; this is a completely
different beast.  See commit a3c751a50fe6 ("vfs: allow unprivileged
whiteout creation").

Does this beast need special handling by LSMs?  I have no idea, but
treating them the same as char devs sounds like a bad idea.

Thanks,
Miklos
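[Added example, not part of the message above and not kernel or Landlock code. It builds on the one concrete fact in the thread: from userspace a whiteout entry stats as a character device with device number 0:0 ("c 0 0"). The script walks a directory with lstat and separates "whiteout-looking" entries from real character devices, so someone auditing a tree under a policy that denies char-device creation can tell the two apart. Assumptions: Linux semantics for st_rdev, and that no real driver node is registered at major 0, minor 0; the function and variable names are the example's own.]

```python
import os
import stat
import tempfile

# Assumption (from the message): a whiteout appears to userspace as a
# character device node with major 0, minor 0.
WHITEOUT_RDEV = os.makedev(0, 0)


def classify(mode: int, rdev: int) -> str:
    """Classify one directory entry from its st_mode and st_rdev.

    A char node with rdev 0:0 is reported as "whiteout", any other char
    node as "chardev", so the two are never lumped together.
    """
    if stat.S_ISCHR(mode):
        return "whiteout" if rdev == WHITEOUT_RDEV else "chardev"
    if stat.S_ISBLK(mode):
        return "blockdev"
    if stat.S_ISDIR(mode):
        return "dir"
    if stat.S_ISLNK(mode):
        return "symlink"
    if stat.S_ISREG(mode):
        return "file"
    return "other"


def scan(path: str) -> dict:
    """Walk a tree without following symlinks; map relative path -> kind."""
    result = {}
    for root, dirs, files in os.walk(path, followlinks=False):
        for name in dirs + files:
            full = os.path.join(root, name)
            st = os.lstat(full)  # lstat: never dereference symlinks
            result[os.path.relpath(full, path)] = classify(st.st_mode, st.st_rdev)
    return result


def whiteouts(path: str) -> list:
    """Sorted relative paths of entries that look like whiteouts."""
    return sorted(p for p, kind in scan(path).items() if kind == "whiteout")


def demo() -> dict:
    """Build a constructed sample tree (regular file, dir, symlink) and scan it.

    Creating a real whiteout needs overlayfs or privilege, so the sample tree
    only shows that ordinary entries are never misreported as whiteouts.
    """
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "a.txt"), "w") as fh:
            fh.write("constructed sample\n")
        os.symlink("sub/a.txt", os.path.join(tmp, "link"))
        return scan(tmp)


if __name__ == "__main__":
    for rel, kind in sorted(demo().items()):
        print(f"{kind:9s} {rel}")
</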



More information about the Linux-security-module-archive mailing list