On Fri, Apr 15, 2016 at 8:46 AM, Emrah Demir <ed at abdsec.com> wrote:
>
> file_ns_capable bring some problems.
No it does not. file_ns_capable() is _required_ for security. We have
had several security issues with file IO doing "capable()", and it's
wrong and insecure.
> I used capable and now there is no problem as far as I tested.
You just screwed up the security, and with your change, a suid
application can be fooled into making the hidden data available to
non-secure users.
"capable()" is wrong. For file reading, you *have* to use
file_ns_capable(). It really is that simple. You should not test the
capabilities of the process, you should be testing the capabilities of
the file descriptor, which comes from the *open-time* capabilities.
It sounds like you applied just the patch to kernel/resource.c,
without applying the infrastructure patch.
You also need commit 34dbbcdbf633 ("Make file credentials available to
the seqfile interfaces").
Linus
