From: Paul Moore <paul@paul-moore.com>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>,
	Christian Brauner <brauner@kernel.org>
Cc: Roberto Sassu <roberto.sassu@huawei.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Steve French <smfrench@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	CIFS <linux-cifs@vger.kernel.org>,
	Paulo Alcantara <pc@manguebit.com>,
	Christian Brauner <christian@brauner.io>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: kernel crash in mknod
Date: Thu, 28 Mar 2024 09:03:46 -0400
Message-ID: <CAHC9VhQ_w6uaOAKCj6mx7n7SNjk4d7vcUb3Bd6Wybx_1dA=ttQ@mail.gmail.com>
In-Reply-To: <20240328-verfrachten-geebnet-19181fb9ad65@brauner>

On Thu, Mar 28, 2024 at 8:07 AM Christian Brauner <brauner@kernel.org> wrote:
> On Thu, Mar 28, 2024 at 01:24:25PM +0200, Roberto Sassu wrote:
> > Also, consider that the pre hook security_path_mknod() has the dentry as
> > parameter. For symmetry, we could keep it in the post hook.
>
> I think that's not that important.

It is important to me.  If you change security_path_post_mknod() to
take an inode, please also change security_path_mknod() to take an
inode ... actually, looking quickly at the code it looks like at least
AppArmor and TOMOYO make use of the dentry and not just the associated
inode.  I didn't dive deeply into either so perhaps they could be
modified to use an inode instead, but that is a decision I would leave
up to John and Tetsuo.  While Landlock does make use of the hook, it
doesn't look like it cares about anything in the dentry.

With that in mind, unless Christian has a strong argument as to why
security_path_post_mknod() must change its parameter from a dentry to
an inode, I would very much prefer to have both hooks continue to take
a dentry, unless we all decide they can be safely changed to use an
inode as a parameter.  As the previous IMA/EVM hook took a dentry for
years, and Christian originally reviewed/OK'd the LSM hook, I'm
guessing there is not any significant harm in continuing to pass a
dentry, but if that isn't the case please say so ...

Of course this doesn't change anything with respect to the necessary
bugfix and/or the hook name/bikeshedding effort; no objections from me
on either.

-- 
paul-moore.com
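The asymmetry the reply argues about (a pre hook that sees the dentry can apply name-based policy before any inode exists; a post hook handed the same dentry can still reach the inode through it, while a hook handed only an inode has lost the path context) is easier to reason about with a small userspace mock. The following is an added example, not kernel code and not from anyone in this thread: `mock_dentry`, `mock_inode`, the `MOCK_S_*` constants, the "rootdev" rule and the driver `mock_do_mknod` are all constructed stand-ins for the kernel's `dentry`, `inode`, `S_IFMT` family and `do_mknodat()`. It also shows the general caveat for any post hook that takes a dentry: the filesystem may not have instantiated an inode for it, so the hook must check before dereferencing rather than assume one is present.

```c
/* Added userspace mock of the two path hooks discussed in the thread.
 * All types and names here are constructed; they mirror kernel concepts
 * (dentry -> inode via d_inode, negative dentry = NULL d_inode) but are
 * not the kernel's definitions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MOCK_S_IFMT  0170000   /* constructed stand-ins for S_IFMT et al. */
#define MOCK_S_IFCHR 0020000
#define MOCK_S_IFBLK 0060000

struct mock_inode {
    unsigned int i_mode;
    unsigned int dev;
};

struct mock_dentry {
    const char *d_name;          /* path component the caller used */
    struct mock_inode *d_inode;  /* NULL while the dentry is negative */
};

enum hook_result { HOOK_OK = 0, HOOK_DENY = -1, HOOK_SKIPPED = 1 };

/* Pre hook in the style of security_path_mknod(): a name-based policy
 * (the kind of thing a path-based LSM keys on) can decide from the dentry
 * alone, before the filesystem has created any inode. */
static enum hook_result mock_path_mknod(const struct mock_dentry *dentry,
                                        unsigned int mode)
{
    /* Constructed rule: this profile refuses block devices named "rootdev". */
    if ((mode & MOCK_S_IFMT) == MOCK_S_IFBLK &&
        strcmp(dentry->d_name, "rootdev") == 0)
        return HOOK_DENY;
    return HOOK_OK;
}

/* Post hook in the style of security_path_post_mknod(): it wants the inode
 * (e.g. to record state about the new node) but receiving the dentry keeps
 * the name available for auditing and still yields the inode via d_inode.
 * Because the dentry may be negative, the inode is checked before use. */
static enum hook_result mock_path_post_mknod(const struct mock_dentry *dentry,
                                             char *audit, size_t len)
{
    if (!dentry->d_inode) {
        snprintf(audit, len, "post_mknod: %s has no inode yet, skipped",
                 dentry->d_name);
        return HOOK_SKIPPED;
    }
    snprintf(audit, len, "post_mknod: %s mode=%o dev=%u", dentry->d_name,
             dentry->d_inode->i_mode, dentry->d_inode->dev);
    return HOOK_OK;
}

/* Constructed driver in the order the VFS runs things: pre hook, the
 * filesystem's mknod (which may or may not instantiate the inode on this
 * path), then the post hook. `fs_instantiates` models that filesystem
 * behaviour; `storage` is where the mock filesystem would place the inode. */
static enum hook_result mock_do_mknod(struct mock_dentry *dentry,
                                      unsigned int mode, unsigned int dev,
                                      int fs_instantiates,
                                      struct mock_inode *storage,
                                      char *audit, size_t len)
{
    enum hook_result r = mock_path_mknod(dentry, mode);

    if (r != HOOK_OK) {
        snprintf(audit, len, "mknod: %s denied by pre hook", dentry->d_name);
        return r;
    }
    if (fs_instantiates) {
        storage->i_mode = mode;
        storage->dev = dev;
        dentry->d_inode = storage;
    }
    return mock_path_post_mknod(dentry, audit, len);
}

int main(void)
{
    struct mock_inode ino;
    struct mock_dentry tty = { "ttyS9", NULL };
    struct mock_dentry remote = { "remote", NULL };
    char audit[128];

    mock_do_mknod(&tty, MOCK_S_IFCHR | 0600, 0x0449, 1, &ino, audit, sizeof audit);
    puts(audit);
    mock_do_mknod(&remote, MOCK_S_IFCHR | 0600, 0x0449, 0, &ino, audit, sizeof audit);
    puts(audit);
    return 0;
}
```

The point of keeping the dentry parameter on both hooks, as the mock shows, is that nothing is lost: the post hook can derive the inode when it needs one, while an inode-only signature could not recover the name a path-based policy or an audit record wants.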
