Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Date: Fri, 26 Jun 2020 23:21:58 -0500
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, David Miller <davem@xxxxxxxxxxxxx>, Greg Kroah-Hartman <greg@xxxxxxxxx>, Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, bpf <bpf@xxxxxxxxxxxxxxx>, linux-fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>, Gary Lin <GLin@xxxxxxxx>, Bruno Meneguele <bmeneg@xxxxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
In-reply-to: <32604829-35f7-5263-aff1-27808500c1d1@i-love.sakura.ne.jp> (Tetsuo Handa's message of "Sat, 27 Jun 2020 10:26:33 +0900")
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes:
> On 2020/06/27 1:45, Eric W. Biederman wrote:
>> Does this series by using the normal path through exec solve your
>> concerns with LSMs being able to identify these processes (both
>> individually and as class)?.
>
> I guess "yes" for pathname based LSMs. Though, TOMOYO wants to obtain both
> AT_SYMLINK_NOFOLLOW "struct path" and !AT_SYMLINK_NOFOLLOW "struct path"
> at do_open_execat() from do_execveat_common().

Is that a problem with the current do_execveat_common in general?

That does not sound like a problem in the user mode driver case as
there are no symlinks involved.

Eric

Follow-Ups:
- Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
  - From: Tetsuo Handa

References:
- Re: [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained
  - From: Greg KH
- Re: [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained
  - From: Tetsuo Handa
- Re: [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained
  - From: Greg KH
- Re: [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained
  - From: David Miller
- Re: [RFC][PATCH] net/bpfilter: Remove this broken and apparently unmantained
  - From: Linus Torvalds
- [PATCH 00/14] Make the user mode driver code a better citizen
  - From: Eric W. Biederman
- [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
  - From: Eric W. Biederman
- Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
  - From: Tetsuo Handa
- Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
  - From: Eric W. Biederman
- Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
  - From: Tetsuo Handa

Prev by Date: [PATCH v2] coredump: Add %f for executable file name.
Next by Date: Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
Previous by thread: Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
Next by thread: Re: [PATCH 05/14] umh: Separate the user mode driver and the user mode helper support
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]