mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,248,702 Commits 103 Branches 4,995 Tags 5.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Go to file
Paul Moore 16bae3e137 io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL 
We need to correct some aspects of the IORING_OP_FIXED_FD_INSTALL
command to take into account the security implications of making an
io_uring-private file descriptor generally accessible to a userspace
task.

The first change in this patch is to enable auditing of the FD_INSTALL
operation as installing a file descriptor into a task's file descriptor
table is a security relevant operation and something that admins/users
may want to audit.

The second change is to disable the io_uring credential override
functionality, also known as io_uring "personalities", in the
FD_INSTALL command.  The credential override in FD_INSTALL is
particularly problematic as it affects the credentials used in the
security_file_receive() LSM hook.  If a task were to request a
credential override via REQ_F_CREDS on a FD_INSTALL operation, the LSM
would incorrectly check to see if the overridden credentials of the
io_uring were able to "receive" the file as opposed to the task's
credentials.  After discussions upstream, it's difficult to imagine a
use case where we would want to allow a credential override on a
FD_INSTALL operation so we are simply going to block REQ_F_CREDS on
IORING_OP_FIXED_FD_INSTALL operations.

Fixes: dc18b89ab1 ("io_uring/openclose: add support for IORING_OP_FIXED_FD_INSTALL")
Signed-off-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20240123215501.289566-2-paul@paul-moore.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
 		2024-01-23 15:25:14 -07:00
Documentation Updates for time and clocksources: 2024-01-21 11:14:40 -08:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch powerpc fixes for 6.8 #2 2024-01-21 11:04:29 -08:00
block for-6.8/block-2024-01-18 2024-01-18 18:22:40 -08:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto crypto: scomp - fix req->dst buffer overflow 2023-12-29 11:25:56 +08:00
drivers Updates for time and clocksources: 2024-01-21 11:14:40 -08:00
fs More bcachefs updates for 6.7-rc1 2024-01-21 14:01:12 -08:00
include header cleanup fixup for 6.8-rc1 2024-01-21 10:21:43 -08:00
init Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
io_uring io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL 2024-01-23 15:25:14 -07:00
ipc shm: Slim down dependencies 2023-12-20 19:26:31 -05:00
kernel Updates for time and clocksources: 2024-01-21 11:14:40 -08:00
lib RISC-V Patches for the 6.8 Merge Window, Part 4 2024-01-20 11:06:04 -08:00
mm vfs-6.8.netfs 2024-01-19 09:10:23 -08:00
net Assorted CephFS fixes and cleanups with nothing standing out. 2024-01-19 09:58:55 -08:00
rust Rust changes for v6.8 2024-01-11 13:05:41 -08:00
samples RISC-V Patches for the 6.8 Merge Window, Part 4 2024-01-20 11:06:04 -08:00
scripts Coccinelle change for v6.8 2024-01-20 14:20:34 -08:00
security + Features 2024-01-19 10:53:55 -08:00
sound sound fixes for 6.8-rc1 2024-01-19 12:30:29 -08:00
tools RISC-V Patches for the 6.8 Merge Window, Part 4 2024-01-20 11:06:04 -08:00
usr Kbuild updates for v6.8 2024-01-18 17:57:07 -08:00
virt Generic: 2024-01-17 13:03:37 -08:00
.clang-format clang-format: Update with v6.7-rc4's `for_each` macro list 2023-12-08 23:54:38 +01:00
.cocciconfig
.editorconfig Add .editorconfig file for basic formatting 2023-12-28 16:22:47 +09:00
.get_maintainer.ignore
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Add .editorconfig file for basic formatting 2023-12-28 16:22:47 +09:00
.mailmap Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING
CREDITS Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS Various smb client fixes, including multichannel and for SMB3.1.1 POSIX extensions 2024-01-20 16:48:07 -08:00
Makefile Linux 6.8-rc1 2024-01-21 14:11:32 -08:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.