Restrict use of POSIX message queues

landlock-lsm / linux

Linux kernel - See Landlock issues

https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/

Other

35 stars 10 forks source link

Restrict use of POSIX message queues #29

Open gnoack opened 7 months ago

gnoack commented 7 months ago

Should we restrict the use of POSIX message queues?

https://man7.org/linux/man-pages/man7/mq_overview.7.html

According to mq_open(3), this is implemented based on a system call with the same name, but I could not find existing references to it in the other LSMs. (I wonder whether this is getting restricted in a different way?)

l0kod commented 7 months ago

Should we restrict the use of POSIX message queues?

Yes!

According to _mqopen(3), this is implemented based on a system call with the same name, but I could not find existing references to it in the other LSMs. (I wonder whether this is getting restricted in a different way?)

There is at least a call to security_ionde_permission() from prepare_open(). There are also security_msg_queue_*() hooks.

Related to #7, #8, and #30.