Repost: Missing security_mmap_file() in remap_file_pages syscall

2019-03-25 Thread TongZhang
Dear Kernel Developers, We’d like to bring this up for a discussion again. Several months ago we posted an email discussing a case where remap_file_pages() has no security_mmap_file() check. At that time we were told that do_mmap_pgoff() will base the new VMA permission on the old one. But some

Leaking Path in XFS's ioctl interface (missing LSM check)

2018-09-25 Thread TongZhang
Hi, I'm bringing up this issue again to let LSM developers know the situation, and would like to know your thoughts. Several weeks ago I sent an email to the security list to discuss the issue where XFS's ioctl interface can do things like vfs_readlink without asking LSM's permission, which w

Naming confusion and code comments for security_kernel_(post_)read_file

2018-09-25 Thread TongZhang
When we were doing code review, we found that the current names and descriptions of security_kernel_read_file and security_kernel_post_read_file, and the corresponding document/code comment in include/linux/lsm_hooks.h, are confusing and somewhat misleading, as we discovered that security_kernel_

Re: Leaking path for set_task_comm

2018-09-25 Thread TongZhang
Yes, this is exactly what I am saying. A process can change its own name using prctl or /proc/self/comm. prctl is protected by security_task_prctl, whereas /proc/self/comm is not protected by this LSM hook. A system admin may expect to use security_task_prctl to block all attempts to change proce

Re: different capability from different namespace required for prctl_set_mm_exe_file

2018-09-25 Thread TongZhang
I can see there are two problems. First: in kernel/sys.c:2117, capable(CAP_SYS_RESOURCE) is used; it seems that ns_capable should be used to check the capability against the user namespace instead of init_user_ns, because a process in a user namespace may call the prctl system call and this should be checked agains

Re: [PATCH 1/1] broken perf tool on 4.4-rc1

2016-01-30 Thread TongZhang
It’s v4.5-rc1, not 4.4-rc1. Never mind the version in the title.