hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-sg2042/security/tomoyo
History
Tetsuo Handa cd9ce830fa tomoyo: fallback to realpath if symlink's pathname does not exist 
commit ada1986d07 upstream.

Alfred Agrell found that TOMOYO cannot handle execveat(AT_EMPTY_PATH)
inside chroot environment where /dev and /proc are not mounted, for
commit 51f39a1f0c ("syscalls: implement execveat() system call") missed
that TOMOYO tries to canonicalize argv[0] when the filename fed to the
executed program as argv[0] is supplied using potentially nonexistent
pathname.

Since "/dev/fd/<fd>" already lost symlink information used for obtaining
that <fd>, it is too late to reconstruct symlink's pathname. Although
<filename> part of "/dev/fd/<fd>/<filename>" might not be canonicalized,
TOMOYO cannot use tomoyo_realpath_nofollow() when /dev or /proc is not
mounted. Therefore, fallback to tomoyo_realpath_from_path() when
tomoyo_realpath_nofollow() failed.

Reported-by: Alfred Agrell <blubban@gmail.com>
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082001
Fixes: 51f39a1f0c ("syscalls: implement execveat() system call")
Cc: stable@vger.kernel.org # v3.19+
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-10-10 11:57:57 +02:00
..
policy tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
Kconfig tomoyo: Update website link 2023-01-13 23:11:38 +09:00
Makefile tomoyo: Omit use of bin2c 2023-01-09 21:46:50 +09:00
audit.c tomoyo: replace tomoyo_round2() with kmalloc_size_roundup() 2023-03-01 23:46:12 +09:00
common.c tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-06 14:48:39 +00:00
common.h tomoyo: remove unused function declaration 2023-08-13 22:07:15 +09:00
condition.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
domain.c tomoyo: fallback to realpath if symlink's pathname does not exist 2024-10-10 11:57:57 +02:00
environ.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
gc.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
group.c tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). 2019-12-16 23:02:27 +09:00
load_policy.c TOMOYO: fix __setup handlers return values 2022-02-24 07:45:07 +09:00
memory.c tomoyo: Fix null pointer check 2020-11-27 19:36:11 +09:00
mount.c tomoyo: Coding style fix. 2019-01-24 14:50:27 -08:00
network.c tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD 2021-03-28 13:11:29 +09:00
realpath.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
securityfs_if.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
tomoyo.c lsm: new security_file_ioctl_compat() hook 2024-01-31 16:18:54 -08:00
util.c tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00