Skip to content

Create a Landlock Threat Model Document #64

Description

@gnoack

We should write up a threat model for Landlock,
to explain what is and what is not a security bug.

This will help security researchers and maintainers alike in reducing duplicate work
for cases where the problem is already known or where the problem is not considered a security bug.

Similar to the Linux threat model, which was added to documentation in May:

In some cases, the boundary between "vulnerability" and "new feature request" is blurry (e.g. we had to discuss it for whiteout objects), for these it might also be relevant to document even when we decided in discussion to treat it as feature request.

Some previously reported ones

Often reported non-vulnerabilities

  • Operations done through an io_uring are done with the credentials of the process at the time when the io_uring was created. This is working as intended implemented, but not mentioned loudly enough in documentation.

Metadata

Metadata

Assignees

Labels

documentationImprovements or additions to documentation

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
In review

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions