linux-stable/security
Tetsuo Handa e9cf96d3d0 tomoyo: fallback to realpath if symlink's pathname does not exist
commit ada1986d07 upstream.

Alfred Agrell found that TOMOYO cannot handle execveat(AT_EMPTY_PATH)
inside chroot environment where /dev and /proc are not mounted, for
commit 51f39a1f0c ("syscalls: implement execveat() system call") missed
that TOMOYO tries to canonicalize argv[0] when the filename fed to the
executed program as argv[0] is supplied using potentially nonexistent
pathname.

Since "/dev/fd/<fd>" already lost symlink information used for obtaining
that <fd>, it is too late to reconstruct symlink's pathname. Although
<filename> part of "/dev/fd/<fd>/<filename>" might not be canonicalized,
TOMOYO cannot use tomoyo_realpath_nofollow() when /dev or /proc is not
mounted. Therefore, fallback to tomoyo_realpath_from_path() when
tomoyo_realpath_nofollow() failed.

Reported-by: Alfred Agrell <blubban@gmail.com>
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082001
Fixes: 51f39a1f0c ("syscalls: implement execveat() system call")
Cc: stable@vger.kernel.org # v3.19+
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-10-10 12:01:03 +02:00
..
apparmor lsm: infrastructure management of the sock security 2024-10-04 16:33:46 +02:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-10-04 16:33:46 +02:00
integrity lsm: add the inode_free_security_rcu() LSM implementation hook 2024-10-04 16:33:42 +02:00
keys KEYS: trusted: dcp: fix leak of blob encryption key 2024-08-29 17:35:37 +02:00
landlock lsm: add the inode_free_security_rcu() LSM implementation hook 2024-10-04 16:33:42 +02:00
loadpin hardening fixes for v6.10-rc1 2024-05-24 08:33:44 -07:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux lsm: infrastructure management of the sock security 2024-10-04 16:33:46 +02:00
smack lsm: infrastructure management of the sock security 2024-10-04 16:33:46 +02:00
tomoyo tomoyo: fallback to realpath if symlink's pathname does not exist 2024-10-10 12:01:03 +02:00
yama yama: document function parameter 2024-06-06 11:40:28 -07:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig proc: add config & param to block forcing mem writes 2024-10-10 12:00:20 +02:00
Kconfig.hardening Revert "mm: init_mlocked_on_free_v3" 2024-06-15 10:43:05 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lsm: infrastructure management of the sock security 2024-10-04 16:33:46 +02:00