* [PATCH] security: Fix hook iteration and default value for inode_copy_up_xattr
@ 2020-06-21 22:21 KP Singh
2020-06-23 23:40 ` James Morris
0 siblings, 1 reply; 2+ messages in thread
From: KP Singh @ 2020-06-21 22:21 UTC (permalink / raw)
To: bpf, linux-security-module
Cc: Alexei Starovoitov, Daniel Borkmann, Jann Horn, Casey Schaufler,
Kees Cook, James Morris
From: KP Singh <kpsingh@google.com>
inode_copy_up_xattr returns 0 to indicate the acceptance of the xattr
and 1 to reject it. If the LSM does not know about the xattr, it's
expected to return -EOPNOTSUPP, which is the correct default value for
this hook. BPF LSM, currently, uses 0 as the default value and thereby
falsely allows all overlay fs xattributes to be copied up.
The iteration logic is also updated from the "bail-on-fail"
call_int_hook to continue on the non-decisive -EOPNOTSUPP and bail out
on other values.
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Signed-off-by: KP Singh <kpsingh@google.com>
---
include/linux/lsm_hook_defs.h | 2 +-
security/security.c | 17 ++++++++++++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 6791813cd439..f4b2e54162ae 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -150,7 +150,7 @@ LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
size_t buffer_size)
LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
-LSM_HOOK(int, 0, inode_copy_up_xattr, const char *name)
+LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name)
LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
struct kernfs_node *kn)
LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
diff --git a/security/security.c b/security/security.c
index 0ce3e73edd42..70a7ad357bc6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1414,7 +1414,22 @@ EXPORT_SYMBOL(security_inode_copy_up);
int security_inode_copy_up_xattr(const char *name)
{
- return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name);
+ struct security_hook_list *hp;
+ int rc;
+
+ /*
+ * The implementation can return 0 (accept the xattr), 1 (discard the
+ * xattr), -EOPNOTSUPP if it does not know anything about the xattr or
+ * any other error code incase of an error.
+ */
+ hlist_for_each_entry(hp,
+ &security_hook_heads.inode_copy_up_xattr, list) {
+ rc = hp->hook.inode_copy_up_xattr(name);
+ if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr))
+ return rc;
+ }
+
+ return LSM_RET_DEFAULT(inode_copy_up_xattr);
}
EXPORT_SYMBOL(security_inode_copy_up_xattr);
--
2.27.0.111.gc72c7da667-goog
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] security: Fix hook iteration and default value for inode_copy_up_xattr
2020-06-21 22:21 [PATCH] security: Fix hook iteration and default value for inode_copy_up_xattr KP Singh
@ 2020-06-23 23:40 ` James Morris
0 siblings, 0 replies; 2+ messages in thread
From: James Morris @ 2020-06-23 23:40 UTC (permalink / raw)
To: KP Singh
Cc: bpf, linux-security-module, Alexei Starovoitov, Daniel Borkmann,
Jann Horn, Casey Schaufler, Kees Cook
On Mon, 22 Jun 2020, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
>
> inode_copy_up_xattr returns 0 to indicate the acceptance of the xattr
> and 1 to reject it. If the LSM does not know about the xattr, it's
> expected to return -EOPNOTSUPP, which is the correct default value for
> this hook. BPF LSM, currently, uses 0 as the default value and thereby
> falsely allows all overlay fs xattributes to be copied up.
>
> The iteration logic is also updated from the "bail-on-fail"
> call_int_hook to continue on the non-decisive -EOPNOTSUPP and bail out
> on other values.
>
> Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
> Signed-off-by: KP Singh <kpsingh@google.com>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v5.8
> ---
> include/linux/lsm_hook_defs.h | 2 +-
> security/security.c | 17 ++++++++++++++++-
> 2 files changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index 6791813cd439..f4b2e54162ae 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -150,7 +150,7 @@ LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
> size_t buffer_size)
> LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
> LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
> -LSM_HOOK(int, 0, inode_copy_up_xattr, const char *name)
> +LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name)
> LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
> struct kernfs_node *kn)
> LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
> diff --git a/security/security.c b/security/security.c
> index 0ce3e73edd42..70a7ad357bc6 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1414,7 +1414,22 @@ EXPORT_SYMBOL(security_inode_copy_up);
>
> int security_inode_copy_up_xattr(const char *name)
> {
> - return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name);
> + struct security_hook_list *hp;
> + int rc;
> +
> + /*
> + * The implementation can return 0 (accept the xattr), 1 (discard the
> + * xattr), -EOPNOTSUPP if it does not know anything about the xattr or
> + * any other error code incase of an error.
> + */
> + hlist_for_each_entry(hp,
> + &security_hook_heads.inode_copy_up_xattr, list) {
> + rc = hp->hook.inode_copy_up_xattr(name);
> + if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr))
> + return rc;
> + }
> +
> + return LSM_RET_DEFAULT(inode_copy_up_xattr);
> }
> EXPORT_SYMBOL(security_inode_copy_up_xattr);
>
>
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-23 23:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-21 22:21 [PATCH] security: Fix hook iteration and default value for inode_copy_up_xattr KP Singh
2020-06-23 23:40 ` James Morris
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).