Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper

Linux-Security-Module Archive mirror
 help / color / mirror / Atom feed

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
	Paul Moore <paul@paul-moore.com>,
	Kevin Locke <kevin@kevinlocke.name>,
	Josh Triplett <josh@joshtriplett.org>,
	Mateusz Guzik <mjguzik@gmail.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	linux-mm@kvack.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Kentaro Takeda <takedakn@nttdata.co.jp>,
	John Johansen <john.johansen@canonical.com>
Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper
Date: Sat, 27 Jan 2024 20:23:06 +0900	[thread overview]
Message-ID: <f1ed6129-409a-484b-a7f4-71b2be90b60f@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <0d820f39-2b9e-4294-801b-4fe30c71f497@I-love.SAKURA.ne.jp>

On 2024/01/27 20:00, Tetsuo Handa wrote:
> On 2024/01/27 16:04, Tetsuo Handa wrote:
>> If we can accept revival of security_bprm_free(), we can "get rid of current->in_execve flag"
>> and "stop saving things across two *independent* execve() calls".
> 
> Oops, I found a bug in TOMOYO (and possibly in AppArmor as well).
> TOMOYO has to continue depending on current->in_execve flag even if
> security_bprm_free() is revived.

No. We can "get rid of current->in_execve flag" and "stop saving things across
two *independent* execve() calls".

> @@ -327,9 +322,13 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
>   */
>  static int tomoyo_file_open(struct file *f)
>  {
> -       /* Don't check read permission here if called from execve(). */
> -       /* Illogically, FMODE_EXEC is in f_flags, not f_mode. */
> -       if (f->f_flags & __FMODE_EXEC)
> +       /*
> +        * Don't check read permission here if called from execve() for
> +        * the first time of that execve() request, for execute permission
> +        * will be checked at tomoyo_bprm_check_security() with argv/envp
> +        * taken into account.
> +        */
> +       if (current->in_execve && !tomoyo_task(current)->old_domain_info)

Since "f->f_flags & __FMODE_EXEC" == "current->in_execve", TOMOYO can continue using
"f->f_flags & __FMODE_EXEC", provided that tomoyo_task(current)->old_domain_info is
reset to NULL via security_bprm_free() callback when previous execve() request failed.

That is, if security_bprm_free() is revived, we can also get rid of current->in_execve.

next prev parent reply	other threads:[~2024-01-27 11:23 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <ZbE4qn9_h14OqADK@kevinlocke.name>
2024-01-24 16:35 ` [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper Kees Cook
2024-01-24 16:46   ` Linus Torvalds
2024-01-24 16:54     ` Linus Torvalds
2024-01-24 17:10       ` Linus Torvalds
2024-01-24 17:21         ` Kees Cook
2024-01-24 17:27           ` Linus Torvalds
2024-01-24 18:27             ` Linus Torvalds
2024-01-24 18:29               ` Linus Torvalds
2024-01-24 19:02               ` Kees Cook
2024-01-24 19:41                 ` Linus Torvalds
2024-01-25 14:16               ` Tetsuo Handa
2024-01-25 17:17                 ` Linus Torvalds
2024-01-27  7:04                   ` Tetsuo Handa
2024-01-27 11:00                     ` Tetsuo Handa
2024-01-27 11:23                       ` Tetsuo Handa [this message]
2024-01-24 18:57         ` Kees Cook
2024-01-27  5:17           ` John Johansen
2024-01-24 17:15   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f1ed6129-409a-484b-a7f4-71b2be90b60f@I-love.SAKURA.ne.jp \
    --to=penguin-kernel@i-love.sakura.ne.jp \
    --cc=john.johansen@canonical.com \
    --cc=josh@joshtriplett.org \
    --cc=keescook@chromium.org \
    --cc=kevin@kevinlocke.name \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mjguzik@gmail.com \
    --cc=paul@paul-moore.com \
    --cc=takedakn@nttdata.co.jp \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).