On Fri, Feb 21, 2025 at 10:08 AM Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
> It looks like security checks are missing. With IOCTL commands, file permissions are checked at open time, but with these syscalls the path is only resolved but no specific access seems to be checked (except inode_owner_or_capable via vfs_fileattr_set).
Thanks for reviewing the patch and catching this, Mickaël. I agree with the hooks identified and their placement; it should be fairly straightforward with only a few lines added in each case.

--
paul-moore.com