
Restrict use of POSIX message queues

Open gnoack opened this issue 1 year ago • 1 comments

Should we restrict the use of POSIX message queues?

https://man7.org/linux/man-pages/man7/mq_overview.7.html

According to mq_open(3), this is implemented based on a system call with the same name, but I could not find existing references to it in the other LSMs. (I wonder whether this is getting restricted in a different way?)

gnoack • Apr 08 '24 20:04

> Should we restrict the use of POSIX message queues?

Yes!

> According to mq_open(3), this is implemented based on a system call with the same name, but I could not find existing references to it in the other LSMs. (I wonder whether this is getting restricted in a different way?)

There is at least a call to security_inode_permission() from prepare_open(). There are also security_msg_queue_*() hooks.

Related to #7, #8, and #30.

l0kod • Apr 11 '24 13:04