Hi XFS devs, We received this email on security@xxxxxxxxxx. This is under CAP_SYS_ADMIN, but it maybe should also check with selinux? regards, dan carpenter On Thu, Aug 09, 2018 at 05:59:50PM -0700, TongZhang wrote: > [1.] One line summary of the problem: > > Possible missing security_inode_readlink() in xfs_file_ioctl() > > [2.] Full description of the problem/report: > > We noticed a use of vfs_readlink() in xfs_file_ioctl(), which should have been checked by > security_inode_readlink(). > > The callgraph is: > xfs_file_ioctl()->xfs_readlink_by_handle()->vfs_readlink() > > This path allows user to do things similar to SyS_readlinkat(), and the parameters are > user controllable. > > > [3.] Keywords: LSM check > [4.] Kernel information > [4.1] Kernel Version: 4.14.61 > > > - Tong
