Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-09 06:43:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Linux kernel source tree
1,233,475 Commits 3 Branches 868 Tags 3.5 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
f1bb47a31d
Go to file
Alfred Piccioni f1bb47a31d lsm: new security_file_ioctl_compat() hook 
Some ioctl commands do not require ioctl permission, but are routed to
other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is
done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*).

However, if a 32-bit process is running on a 64-bit kernel, it emits
32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are
being checked erroneously, which leads to these ioctl operations being
routed to the ioctl permission, rather than the correct file
permissions.

This was also noted in a RED-PEN finding from a while back -
"/* RED-PEN how should LSM module know it's handling 32bit? */".

This patch introduces a new hook, security_file_ioctl_compat(), that is
called from the compat ioctl syscall. All current LSMs have been changed
to support this hook.

Reviewing the three places where we are currently using
security_file_ioctl(), it appears that only SELinux needs a dedicated
compat change; TOMOYO and SMACK appear to be functional without any
change.

Cc: stable@vger.kernel.org
Fixes: 0b24dcb7f2 ("Revert "selinux: simplify ioctl checking"")
Signed-off-by: Alfred Piccioni <alpic@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: subject tweak, line length fixes, and alignment corrections]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2023-12-24 15:48:03 -05:00
arch LSM: wireup Linux Security Module syscalls 2023-11-12 22:54:42 -05:00
block blk-core: use pr_warn_ratelimited() in bio_check_ro() 2023-11-07 08:15:23 -07:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto This push fixes a regression in ahash and hides the Kconfig sub-options for the jitter RNG. 2023-11-09 17:04:58 -08:00
Documentation LSM: Create lsm_list_modules system call 2023-11-12 22:54:42 -05:00
drivers wifi: iwlwifi: fix system commands group ordering 2023-11-12 11:34:19 -08:00
fs lsm: new security_file_ioctl_compat() hook 2023-12-24 15:48:03 -05:00
include lsm: new security_file_ioctl_compat() hook 2023-12-24 15:48:03 -05:00
init As usual, lots of singleton and doubleton patches all over the tree and 2023-11-02 20:53:31 -10:00
io_uring io_uring: do not clamp read length for multishot read 2023-11-06 13:41:58 -07:00
ipc Many singleton patches against the MM code. The patch series which are 2023-11-02 19:38:47 -10:00
kernel LSM: Create lsm_list_modules system call 2023-11-12 22:54:42 -05:00
lib lib: test_objpool: make global variables static 2023-11-10 19:59:04 +09:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm memblock: report failures when memblock_can_resize is not set 2023-11-08 09:40:13 -08:00
net calipso: fix memory leak in netlbl_calipso_add_pass() 2023-12-07 14:23:12 -05:00
rust Kbuild updates for v6.7 2023-11-04 08:07:19 -10:00
samples Landlock updates for v6.7-rc1 2023-11-03 09:28:53 -10:00
scripts Kbuild updates for v6.7 2023-11-04 08:07:19 -10:00
security lsm: new security_file_ioctl_compat() hook 2023-12-24 15:48:03 -05:00
sound sound fixes for 6.7-rc1 2023-11-10 11:57:51 -08:00
tools selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test 2023-11-22 11:04:31 -05:00
usr arch: Remove Itanium (IA-64) architecture 2023-09-11 08:13:17 +00:00
virt ARM: 2023-09-07 13:52:20 -07:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/ 2023-10-03 20:49:09 +09:00
.mailmap mailmap: add entries for Serge Hallyn's dead accounts 2023-11-13 14:15:11 -05:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: add an entry for the lockdown LSM 2023-11-20 16:51:28 -05:00
Makefile Linux 6.7-rc1 2023-11-12 16:19:07 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.