linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Richard Guy Briggs <rgb@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Linux-Audit Mailing List <linux-audit@redhat.com>,
	LKML <linux-kernel@vger.kernel.org>,
	io-uring@vger.kernel.org, Eric Paris <eparis@parisplace.org>,
	Steve Grubb <sgrubb@redhat.com>, Stefan Roesch <shr@fb.com>,
	Christian Brauner <brauner@kernel.org>,
	Jens Axboe <axboe@kernel.dk>,
	Pavel Begunkov <asml.silence@gmail.com>
Subject: Re: [PATCH v1 2/2] io_uring,audit: do not log IORING_OP_*GETXATTR
Date: Fri, 27 Jan 2023 18:01:37 -0500	[thread overview]
Message-ID: <Y9RX0QhHKfWv3TGL@madcap2.tricolour.ca> (raw)
In-Reply-To: <CAHC9VhQiy9vP7BdQk+SXG7gQKAqOAqbYtU+c9R0_ym0h4bgG7g@mail.gmail.com>

On 2023-01-27 17:43, Paul Moore wrote:
> On Fri, Jan 27, 2023 at 12:24 PM Richard Guy Briggs <rgb@redhat.com> wrote:
> > Getting XATTRs is not particularly interesting security-wise.
> >
> > Suggested-by: Steve Grubb <sgrubb@redhat.com>
> > Fixes: a56834e0fafe ("io_uring: add fgetxattr and getxattr support")
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> >  io_uring/opdef.c | 2 ++
> >  1 file changed, 2 insertions(+)
> 
> Depending on your security policy, fetching file data, including
> xattrs, can be interesting from a security perspective.  As an
> example, look at the SELinux file/getattr permission.
> 
> https://github.com/SELinuxProject/selinux-notebook/blob/main/src/object_classes_permissions.md#common-file-permissions

The intent here is to lessen the impact of audit operations.  Read and
Write were explicitly removed from io_uring auditing due to performance
concerns coupled with the denial of service implications from sheer
volume of records making other messages harder to locate.  Those
operations are still possible for syscall auditing but they are strongly
discouraged for normal use.

If the frequency of getxattr io_uring ops is so infrequent as to be no
distraction, then this patch may be more of a liability than a benefit.

> > diff --git a/io_uring/opdef.c b/io_uring/opdef.c
> > index a2bf53b4a38a..f6bfe2cf078c 100644
> > --- a/io_uring/opdef.c
> > +++ b/io_uring/opdef.c
> > @@ -462,12 +462,14 @@ const struct io_op_def io_op_defs[] = {
> >         },
> >         [IORING_OP_FGETXATTR] = {
> >                 .needs_file = 1,
> > +               .audit_skip             = 1,
> >                 .name                   = "FGETXATTR",
> >                 .prep                   = io_fgetxattr_prep,
> >                 .issue                  = io_fgetxattr,
> >                 .cleanup                = io_xattr_cleanup,
> >         },
> >         [IORING_OP_GETXATTR] = {
> > +               .audit_skip             = 1,
> >                 .name                   = "GETXATTR",
> >                 .prep                   = io_getxattr_prep,
> >                 .issue                  = io_getxattr,
> > --
> > 2.27.0
> 
> -- 
> paul-moore.com
> 

- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635


  reply	other threads:[~2023-01-27 23:02 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-27 17:23 [PATCH v1 0/2] two suggested iouring op audit updates Richard Guy Briggs
2023-01-27 17:23 ` [PATCH v1 1/2] io_uring,audit: audit IORING_OP_FADVISE but not IORING_OP_MADVISE Richard Guy Briggs
2023-01-27 22:35   ` Paul Moore
2023-01-27 22:45     ` Jens Axboe
2023-01-27 22:57       ` Paul Moore
2023-01-28 16:48         ` Steve Grubb
2023-01-27 23:02       ` Richard Guy Briggs
2023-01-27 23:03         ` Jens Axboe
2023-01-27 23:08           ` Richard Guy Briggs
2023-01-27 22:55     ` Richard Guy Briggs
2023-01-27 23:05       ` Paul Moore
2023-01-27 17:23 ` [PATCH v1 2/2] io_uring,audit: do not log IORING_OP_*GETXATTR Richard Guy Briggs
2023-01-27 22:43   ` Paul Moore
2023-01-27 23:01     ` Richard Guy Briggs [this message]
2023-01-27 23:05       ` Jens Axboe
2023-01-28  0:07         ` Paul Moore
2023-01-28  0:06       ` Paul Moore
2023-01-28  0:19         ` Richard Guy Briggs
2023-01-28 17:26     ` Steve Grubb
2023-01-29 23:37       ` Paul Moore
2023-01-27 17:40 ` [PATCH v1 0/2] two suggested iouring op audit updates Jens Axboe
2023-01-27 19:42   ` Paul Moore
2023-01-27 19:43     ` Jens Axboe
2023-01-27 22:38       ` Paul Moore
2023-01-27 22:46         ` Jens Axboe
2023-01-27 22:53           ` Paul Moore
2023-01-27 23:02             ` Jens Axboe
2023-01-27 23:07               ` Richard Guy Briggs
2023-01-27 23:08               ` Paul Moore
2023-01-27 23:10                 ` Jens Axboe
2023-01-28 16:47             ` Steve Grubb
2023-01-28 17:03               ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y9RX0QhHKfWv3TGL@madcap2.tricolour.ca \
    --to=rgb@redhat.com \
    --cc=asml.silence@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=brauner@kernel.org \
    --cc=eparis@parisplace.org \
    --cc=io-uring@vger.kernel.org \
    --cc=linux-audit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=sgrubb@redhat.com \
    --cc=shr@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).