Re: [PATCH v3] fs: introduce getfsxattrat and setfsxattrat syscalls

From: Paul Moore
Date: Fri Feb 21 2025 - 19:34:26 EST

Next message: Inochi Amaoto: "Re: [PATCH 1/2] dt-bindings: pci: Add Sophgo SG2044 PCIe host"
Previous message: Chuck Lever: "Re: [PATCH 6/6] VFS: Change vfs_mkdir() to return the dentry."
In reply to: Mickaël Salaün: "Re: [PATCH v3] fs: introduce getfsxattrat and setfsxattrat syscalls"
Next in thread: Darrick J. Wong: "Re: [PATCH v3] fs: introduce getfsxattrat and setfsxattrat syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 21, 2025 at 10:08 AM Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
>
> It looks security checks are missing. With IOCTL commands, file
> permissions are checked at open time, but with these syscalls the path
> is only resolved but no specific access seems to be checked (except
> inode_owner_or_capable via vfs_fileattr_set).

Thanks for reviewing the patch and catching this Mickaël. I agree
with the hooks identified and their placement; it should be fairly
straightforward with only a few lines added in each case.

--
paul-moore.com

Next message: Inochi Amaoto: "Re: [PATCH 1/2] dt-bindings: pci: Add Sophgo SG2044 PCIe host"
Previous message: Chuck Lever: "Re: [PATCH 6/6] VFS: Change vfs_mkdir() to return the dentry."
In reply to: Mickaël Salaün: "Re: [PATCH v3] fs: introduce getfsxattrat and setfsxattrat syscalls"
Next in thread: Darrick J. Wong: "Re: [PATCH v3] fs: introduce getfsxattrat and setfsxattrat syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]