[PATCH] selinux: log raw contexts as untrusted strings
Paul Moore
paul at paul-moore.com
Wed Jun 12 15:01:33 UTC 2019
On Wed, Jun 12, 2019 at 3:37 AM Ondrej Mosnacek <omosnace at redhat.com> wrote:
> On Wed, Jun 12, 2019 at 12:56 AM Paul Moore <paul at paul-moore.com> wrote:
> > On Tue, Jun 11, 2019 at 4:07 AM Ondrej Mosnacek <omosnace at redhat.com> wrote:
> > > These strings may come from untrusted sources (e.g. file xattrs) so they
> > > need to be properly escaped.
> > >
> > > Reproducer:
> > > # setenforce 0
> > > # touch /tmp/test
> > > # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
> > > # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
> > > (look at the generated AVCs)
> > >
> > > Actual result:
> > > type=AVC [...] trawcon=kuřecí řízek
> > >
> > > Expected result:
> > > type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B
> > >
> > > Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
> > > Cc: stable at vger.kernel.org # v5.1+
> > > Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
> > > ---
> > > security/selinux/avc.c | 10 ++++++++--
> > > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > Thanks, the patch looks fine to me, but it is borderline -stable
> > material in my opinion. I'll add it to the stable-5.2 branch, but in
> > the future I would prefer if you left the stable marking off patches
> > and sent a reply discussing *why* this should go to stable so we can
> > discuss it. I realize Greg likes to pull a lot of stuff into stable,
> > but I try to be a bit more conservative about what gets marked. Even
> > the simplest fix can still break things :)
>
> OK, I was a bit unsure whether to mark it as stable or not and
> eventually inclined to do so... I'll try be more careful about it in
> the future.
If it makes you feel better, it's not that big of a deal, I just felt
it was worth mentioning since we've been doing a bit of a "best
practices for submitting SELinux kernel patches" on the mailing list
lately and I felt this was worth mentioning. The basic idea is that I
think marking something for stable shouldn't be taken lightly and it
is worth a discussion, even if it is short.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list