From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=KmA+=H3=redhat.com=linux-audit-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.8 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 38B90C433E0
	for <linux-audit@archiver.kernel.org>; Thu, 25 Feb 2021 22:28:45 +0000 (UTC)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 5E91F64E7A
	for <linux-audit@archiver.kernel.org>; Thu, 25 Feb 2021 22:28:44 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5E91F64E7A
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=paul-moore.com
Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=linux-audit-bounces@redhat.com
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-286-jd8O7jzuNouvrBnT5xDZUA-1; Thu, 25 Feb 2021 17:28:37 -0500
X-MC-Unique: jd8O7jzuNouvrBnT5xDZUA-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 676A4803F4E;
	Thu, 25 Feb 2021 22:28:34 +0000 (UTC)
Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 304F25D6D7;
	Thu, 25 Feb 2021 22:28:34 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 90C284EBC6;
	Thu, 25 Feb 2021 22:28:33 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 11PMSV2m004737 for <linux-audit@listman.util.phx.redhat.com>;
	Thu, 25 Feb 2021 17:28:31 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 7B37913E79C; Thu, 25 Feb 2021 22:28:31 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 7541A13E79A
	for <linux-audit@redhat.com>; Thu, 25 Feb 2021 22:28:28 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D38A08007D9
	for <linux-audit@redhat.com>; Thu, 25 Feb 2021 22:28:28 +0000 (UTC)
Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com
	[209.85.218.46]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-514-_xdeOLGJNWiAxPmfhNjB-A-1; Thu, 25 Feb 2021 17:28:24 -0500
X-MC-Unique: _xdeOLGJNWiAxPmfhNjB-A-1
Received: by mail-ej1-f46.google.com with SMTP id w1so11493746ejf.11
	for <linux-audit@redhat.com>; Thu, 25 Feb 2021 14:28:23 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:cc;
	bh=Uw30SLR7ZUmnytJba3aAxTOWJATB//o6rQ1fLW/F66s=;
	b=Gt+/bgVp9j8iP+aDSHI6cVmwuIyL2goAOaPBcLTVXX+w4ryCQ8kZGbb0OPMhuXef6E
	hO4qa8PYaneUDtNf40kdb1plfNUUbpMapP9/w1w69Fud7PoLzjQhBFcyIP24BhtuxXM/
	tc3VtB4cU0t+upu3c8LnxE5KZgVGS9VzOPVS9iNyOCaJN1HBKSNrDeD+LCOVtdCcF5cg
	8sAmfoBnF4TuHRsnlpQsmMfwc44R+GuKjNTX5tbTzCXSCnFu9XSDKOPvTYJmv65cK+wN
	6gqGMIK5maL3ARHaEX0sES8IooOh9Cn/IKFmptYV4LmYCCKrFnxPJ2H9ibfSe9d8THWV
	SFQw==
X-Gm-Message-State: AOAM533ua76Kaj7KQikOq9wmxU8Q+OcYWaTtLIPLQ3Dp+ZbunyyK2IR6
	JK2MflBj0FjPt0dyMwD3IDJSco9FTlEiccvA15LjGOzFVeALqSM=
X-Google-Smtp-Source: ABdhPJxZ9lJbmMBofsgYA5wOLB4ADpNP4zhkt26e8U1vo01GvQjD7lEiyBrKl/mZEh4P3uRGvnDpHXR9hUczq6er9ss=
X-Received: by 2002:a17:906:a443:: with SMTP id
	cb3mr4944946ejb.542.1614292102743; 
	Thu, 25 Feb 2021 14:28:22 -0800 (PST)
MIME-Version: 1.0
References: <7230785.EvYhyI6sBW@x2>
In-Reply-To: <7230785.EvYhyI6sBW@x2>
From: Paul Moore <paul@paul-moore.com>
Date: Thu, 25 Feb 2021 17:28:11 -0500
Message-ID: <CAHC9VhSAywkDkTPi=Hii0G2rb=gsji0-W3EC55GwcBns_toXEw@mail.gmail.com>
Subject: Re: open_by_handle_at and CVE-2020-35501
To: Steve Grubb <sgrubb@redhat.com>
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: linux-audit@redhat.com
Cc: linux-audit@redhat.com
X-BeenThere: linux-audit@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Linux Audit Discussion <linux-audit.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Thu, Feb 25, 2021 at 5:15 PM Steve Grubb <sgrubb@redhat.com> wrote:
>
> Hello,
>
> There was an announcement on the oss-security mail list a week ago:
>
> https://seclists.org/oss-sec/2021/q1/155
>
> regarding auditing of the open_by_handle_at system call ...

The *at() syscalls are a known issue with respect to audit; we have a
few open GH issues related to the topic, the oldest appears to be the
one below:

* https://github.com/linux-audit/audit-kernel/issues/9

> ... In any event, they are asking what upstream audit is going to do about this?

I recognize it sounds a bit trite here, but "patches are always
welcome".  Basically someone needs to have the time and motivation to
look into this and put forth some patches that we can discuss and
iterate over.  The problem is that historically audit has attracted
very few kernel developers outside the occasional development push by
a distro preparing a OS release for a certification effort.  I was
just lamenting this fact on a private mail thread with some other
kernel developers a couple of weeks ago ...

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit