Dear Kernel Developers, We’d like to bring this up for a discussion again.
Several months ago we posted an email discussing a case where remap_file_pages() has no security_mmap_file() check. At that time we were told that do_mmap_pgoff() will base the new VMA permission on the old one. But somehow we still think the check is needed, for the reason that the advisory could first do a mmap() which can pass SELinux check then remap using a completely different file or region of file, which could possibly pose a risk. Thanks, - Tong The original post is pasted below: 8<————————————————————————————— [1.] One line summary of the problem: Possible missing security_mmap_file() in remap_file_pages [2.] Full description of the problem/report: We noticed remap_file_pages syscall uses do_mmap_pgoff without LSM check: security_mmap_file(). This system call passed user controllable parameters to do_mmap_pgoff(). We think that this LSM check should be added in order to be consistent with other cases, for example: in system call mmap_pgoff(), shmat(), they all have security_mmap_file() check before calling do_mmap_pgoff(). [3.] Keywords: LSM check [4.] Kernel information [4.1] Kernel Version: 4.14.61 8<—————————————————————————————
