* Leaking path for search_binary_handler
@ 2018-09-25 17:27 Tong Zhang
2018-09-26 12:59 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Tong Zhang @ 2018-09-25 17:27 UTC (permalink / raw)
To: viro; +Cc: linux-fsdevel, linux-kernel, linux-security-module, wenbo.s
Kernel Version: 4.18.5
Problem Description:
search_binary_handler() should be called after setting bprm using prepare_binprm(),
and in prepare_binprm(), there’s a LSM hook security_bprm_set_creds(),
which can make a decision that binfmt cares.
We found a leaking path In fs/binfmt_misc.c:235, that don’t ask LSM’s decision.
- Tong
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Leaking path for search_binary_handler
2018-09-25 17:27 Leaking path for search_binary_handler Tong Zhang
@ 2018-09-26 12:59 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2018-09-26 12:59 UTC (permalink / raw)
To: Tong Zhang; +Cc: linux-fsdevel, linux-kernel, linux-security-module, wenbo.s
On 09/25/2018 01:27 PM, Tong Zhang wrote:
> Kernel Version: 4.18.5
>
> Problem Description:
>
> search_binary_handler() should be called after setting bprm using prepare_binprm(),
> and in prepare_binprm(), there’s a LSM hook security_bprm_set_creds(),
> which can make a decision that binfmt cares.
>
> We found a leaking path In fs/binfmt_misc.c:235, that don’t ask LSM’s decision.
Do you mean the MISC_FMT_CREDENTIALS case? That looks intentional to me,
as noted in the comment there, and as per
Documentation/admin-guide/binfmt-misc.rst's discussion of the
credentials flag.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-09-26 12:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-25 17:27 Leaking path for search_binary_handler Tong Zhang
2018-09-26 12:59 ` Stephen Smalley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).