On Wed, Jun 12, 2019 at 3:37 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Wed, Jun 12, 2019 at 12:56 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Tue, Jun 11, 2019 at 4:07 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > > These strings may come from untrusted sources (e.g. file xattrs) so they
> > > need to be properly escaped.
> > >
> > > Reproducer:
> > >     # setenforce 0
> > >     # touch /tmp/test
> > >     # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
> > >     # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
> > >     (look at the generated AVCs)
> > >
> > > Actual result:
> > >     type=AVC [...] trawcon=kuřecí řízek
> > >
> > > Expected result:
> > >     type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B
> > >
> > > Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
> > > Cc: stable@xxxxxxxxxxxxxxx # v5.1+
> > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > > ---
> > >  security/selinux/avc.c | 10 ++++++++--
> > >  1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > Thanks, the patch looks fine to me, but it is borderline -stable
> > material in my opinion.  I'll add it to the stable-5.2 branch, but in
> > the future I would prefer if you left the stable marking off patches
> > and sent a reply discussing *why* this should go to stable so we can
> > discuss it.  I realize Greg likes to pull a lot of stuff into stable,
> > but I try to be a bit more conservative about what gets marked.  Even
> > the simplest fix can still break things :)
>
> OK, I was a bit unsure whether to mark it as stable or not and
> eventually inclined to do so... I'll try to be more careful about it in
> the future.

If it makes you feel better, it's not that big of a deal, I just felt
it was worth mentioning since we've been doing a bit of a "best
practices for submitting SELinux kernel patches" on the mailing list
lately and I felt this was worth mentioning.

The basic idea is that I think marking something for stable shouldn't
be taken lightly and it is worth a discussion, even if it is short.

-- 
paul moore
www.paul-moore.com
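
The escaping that the quoted commit message asks for, as an added example that is not part of this thread or of the kernel patch: a userspace C sketch of the rule the kernel's audit_log_n_untrustedstring() applies to untrusted values. The function names and the sample string are assumptions constructed here; the sample is the UTF-8 form of the reproducer's xattr value.

```c
#include <stdio.h>
#include <string.h>

/* A double quote, any byte below 0x21 (controls, space) or any byte above
 * 0x7e (DEL, non-ASCII) means the value cannot be logged verbatim. */
static int needs_hex(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] == '"' || s[i] < 0x21 || s[i] > 0x7e)
            return 1;
    return 0;
}

/* Write the log-safe form of s into out: upper-case hex of every byte if
 * any byte is unsafe, otherwise the string in double quotes.
 * Returns 0 on success, -1 if out is too small. */
int encode_untrusted(const char *s, size_t len, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *p = (const unsigned char *)s;

    if (needs_hex(p, len)) {
        if (outsz < 2 * len + 1)
            return -1;
        for (size_t i = 0; i < len; i++) {
            *out++ = hex[p[i] >> 4];
            *out++ = hex[p[i] & 0x0f];
        }
    } else {
        if (outsz < len + 3)
            return -1;
        *out++ = '"';
        memcpy(out, s, len);
        out += len;
        *out++ = '"';
    }
    *out = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: UTF-8 bytes of the reproducer's xattr value. */
    const char ctx[] = "ku\xc5\x99" "ec\xc3\xad \xc5\x99\xc3\xadzek";
    char buf[128];

    if (encode_untrusted(ctx, strlen(ctx), buf, sizeof(buf)) == 0)
        printf("trawcon=%s\n", buf);
    return 0;
}
```

Because a space or newline alone forces hex encoding, a crafted xattr value cannot add extra key=value fields or a second record to the log line.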