On Fri, Feb 21, 2025 at 10:08 AM Mickaël Salaün <m...@digikod.net> wrote: > > It looks security checks are missing. With IOCTL commands, file > permissions are checked at open time, but with these syscalls the path > is only resolved but no specific access seems to be checked (except > inode_owner_or_capable via vfs_fileattr_set).
Thanks for reviewing the patch and catching this Mickaël. I agree with the hooks identified and their placement; it should be fairly straightforward with only a few lines added in each case. -- paul-moore.com
