Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Christoph,  

> On Oct 14, 2024, at 10:07 PM, Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:
> 
> On Wed, Oct 02, 2024 at 02:46:37PM -0700, Song Liu wrote:
>> Extend test_progs fs_kfuncs to cover different xattr names. Specifically:
>> xattr name "user.kfuncs", "security.bpf", and "security.bpf.xxx" can be
>> read from BPF program with kfuncs bpf_get_[file|dentry]_xattr(); while
>> "security.bpfxxx" and "security.selinux" cannot be read.
> 
> So you read code from untrusted user.* xattrs?  How can you carve out
> that space and not known any pre-existing userspace cod uses kfuncs
> for it's own purpose?

I don't quite follow the comment here. 

Do you mean user.* xattrs are untrusted (any user can set it), so we 
should not allow BPF programs to read them? Or do you mean xattr 
name "user.kfuncs" might be taken by some use space?

Thanks,
Song





[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux