Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp23496ybp; Thu, 3 Oct 2019 09:38:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqwQjRC1AE5LJ1AkhL1tjyzf0r4JM+ILGA26o8mmGL5RAbGDMQEngCFOj6hqx0YwTOOGbP4P X-Received: by 2002:a50:9208:: with SMTP id i8mr10388118eda.3.1570120728288; Thu, 03 Oct 2019 09:38:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570120728; cv=none; d=google.com; s=arc-20160816; b=GCwFfkQuMyZZBPWh7VIvIKEbSbNaeY6HpSfFh5JiEX9Gd82Qh0ncC/OsF5K1rREyvf YzmWquYEGIZlgU8zKvRgjs7dZuX0yOflraPz9QpQSBRodohVrCb8uA4NeRxGomw9Hykb UgnpfNGqWNibnNZIxfZDo3fAy3RuUvBXCgCMMscgJ9RWBWcFvz/aRoPHW49y0dVKq6H5 musZV77Ie2sCj3Lj3vx0/sWB8CVLrmCHep/2fQxzxK3b0gYBjA+4ydHL39RlXViOkfkq FJdULyV9R6Oh1g6nozSINy4+fzt+WGr9w384O4QC3T5tGJmkdMz+IFRenILCuNR3JO9O /HpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GU82kkgSz2sMllN4/O8eNb4/d61zNgUiSm7xBezDrQs=; b=Z25M5dZI4hMZUUrZtz3dT0jguBBmOoE7X/o9P05K0JkDTtHl8IYexto+B6fcs2l9gz v4u/QIhmZEEgE+CY2dwBF7PkkJcM+K5fuoz/E8JIP7SoWIHqwQ2AbKafdmkSSmXPoklk 0r/CUr6qPlsCj8BoJFQmX8iiJG806fL0FS4WChJPOWSO/XlSd/eRzvmvw+AORVXuIwpq 6oJdaze1bN2y9iRSBROrcfRctFyoPKY7lR/BXeR20NAbTdYQTzgwUnhFO4ab0r6BdIsn wc6IE+2y69+b/2dsIzo3dsFDzScda7T56idG2kTiqZyjdfF2jtds7uQipU//HYNFV3It HqGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ALKHEYHh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v14si1911383ede.424.2019.10.03.09.38.23; Thu, 03 Oct 2019 09:38:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ALKHEYHh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404460AbfJCQgo (ORCPT + 99 others); Thu, 3 Oct 2019 12:36:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:45922 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391750AbfJCQgk (ORCPT ); Thu, 3 Oct 2019 12:36:40 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 66A4E2070B; Thu, 3 Oct 2019 16:36:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570120599; bh=ppvgryPXoAV87FTYKqBMl7LfUlYuP5FSY5V3yCvro1c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ALKHEYHhbk999a26bF7YJAQYy8VsG8mJUUub/Omgx8eS/IJKw0FCzVbVPkamX54NC p5L7ope6lF09al7OUAO5S69kAl8EzT0UScdjjccnGFXG2P4xMMCoBSpu+iRGmbSWGy NCQ+ZqCB/yUw0Hm0wIBqv4y4tgDp7gou7zWZdrdg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Salyzyn , linux-security-module@vger.kernel.org, kernel-team@android.com, Miklos Szeredi Subject: [PATCH 5.2 281/313] ovl: filter of trusted xattr results in audit Date: Thu, 3 Oct 2019 17:54:19 +0200 Message-Id: <20191003154600.730861390@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191003154533.590915454@linuxfoundation.org> References: <20191003154533.590915454@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Salyzyn commit 5c2e9f346b815841f9bed6029ebcb06415caf640 upstream. When filtering xattr list for reading, presence of trusted xattr results in a security audit log. However, if there is other content no errno will be set, and if there isn't, the errno will be -ENODATA and not -EPERM as is usually associated with a lack of capability. The check does not block the request to list the xattrs present. Switch to ns_capable_noaudit to reflect a more appropriate check. Signed-off-by: Mark Salyzyn Cc: linux-security-module@vger.kernel.org Cc: kernel-team@android.com Cc: stable@vger.kernel.org # v3.18+ Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin") Signed-off-by: Miklos Szeredi Signed-off-by: Greg Kroah-Hartman --- fs/overlayfs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -383,7 +383,8 @@ static bool ovl_can_list(const char *s) return true; /* Never list trusted.overlay, list other trusted for superuser only */ - return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN); + return !ovl_is_private_xattr(s) && + ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); } ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)