On Fri, Mar 11, 2022 at 8:35 PM Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > On 2022/03/12 7:15, Paul Moore wrote: > > The silence on this has been deafening :/ No thoughts on fixing, or > > not fixing OPEN_FMODE(), Al? > > On 2022/03/01 19:15, Mickaël Salaün wrote: > > > > On 01/03/2022 10:22, Christian Brauner wrote: > >> That specific part seems a bit risky at first glance. Given that the > >> patch referenced is from 2009 this means we've been allowing O_WRONLY | > >> O_RDWR to succeed for almost 13 years now. > > > > Yeah, it's an old bug, but we should keep in mind that a file descriptor > > created with such flags cannot be used to read nor write. However, > > unfortunately, it can be used for things like ioctl, fstat, chdir… I > > don't know if there is any user of this trick. > > I got a reply from Al at https://lkml.kernel.org/r/20090212032821.GD28946@xxxxxxxxxxxxxxxxxx > that sys_open(path, 3) is for ioctls only. And I'm using this trick when opening something > for ioctls only. Thanks Tetsuo, that's helpful. After reading your email I went digging around to see if this was documented anywhere, and buried in the open(2) manpage, towards the bottom under the "File access mode" header, is this paragraph: "Linux reserves the special, nonstandard access mode 3 (binary 11) in flags to mean: check for read and write permission on the file and return a file descriptor that can't be used for reading or writing. This nonstandard access mode is used by some Linux drivers to return a file descriptor that is to be used only for device-specific ioctl(2) operations." I learned something new today :) With this in mind it looks like doing a SELinux file:ioctl check is the correct thing to do. Thanks again Tetsuo for clearing things up. -- paul-moore.com