From: Paul Moore
Date: Tue, 2 Apr 2024 17:36:30 -0400
Subject: Re: [GIT PULL] security changes for v6.9-rc3
To: Al Viro
Cc: Linus Torvalds, Roberto Sassu, linux-integrity@vger.kernel.org,
    linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org,
    linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org, Roberto Sassu

On Tue, Apr 2, 2024 at 5:00 PM Al Viro wrote:
> On Tue, Apr 02, 2024 at 12:57:28PM -0700, Linus Torvalds wrote:
>
> > So in other cases we do handle the NULL, but it does seem like the
> > other cases actually do validly want to deal with this (ie the
> > fsnotify case will say "the directory that mknod was done in was
> > changed" even if it doesn't know what the change is.
> >
> > But for the security case, it really doesn't seem to make much sense
> > to check a mknod() that you don't know the result of.
> >
> > I do wonder if that "!inode" test might also be more specific with
> > "d_unhashed(dentry)". But that would only make sense if we moved this
> > test from security_path_post_mknod() into the caller itself, ie we
> > could possibly do something like this instead (or in addition to):
> >
> > - if (error)
> > - goto out2;
> > - security_path_post_mknod(idmap, dentry);
> > + if (!error && !d_unhashed(dentry))
> > + security_path_post_mknod(idmap, dentry);
> >
> > which might also be sensible.
> >
> > Al? Anybody?
>
> Several things here:
>
> 1) location of that hook is wrong. It's really "how do we catch
> file creation that does not come through open() - yes, you can use
> mknod(2) for that". It should've been after the call of vfs_create(),
> not the entire switch. LSM folks have a disturbing fondness of inserting
> hooks in various places, but IMO this one has no business being where
> they'd placed it.

I know it's everyone's favorite hobby to bash the LSM and LSM devs,
but it's important to note that we don't add hooks without working
with the associated subsystem devs to get approval. In the cases
where we don't get an explicit ACK, there is an on-list approval, or
several ignored on-list attempts over weeks/months/years. We want to
be good neighbors.

Roberto's original patch which converted from the IMA/EVM hook to the
LSM hook was ACK'd by the VFS folks.

Regardless, Roberto if it isn't obvious by now, just move the hook
back to where it was prior to v6.9-rc1.

-- 
paul-moore.com
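
Review bot: in the hunk quoted from Linus Torvalds above, dropping the "goto out2" on the error path is only equivalent to the old flow if the security_path_post_mknod() call is the last statement before the out2 label. The quoted lines do not show what follows the call, so that should be confirmed, or "if (error) goto out2;" kept as it is and the !d_unhashed(dentry) test added as a separate condition on the hook call. A one-line comment at the new test saying why an unhashed dentry skips the hook would also help, since the reason (the result of the mknod() is not known) is stated only in the surrounding discussion.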