Re: open_by_handle_at and CVE-2020-35501

On Thu, Feb 25, 2021 at 5:15 PM Steve Grubb <sgrubb(a)redhat.com&gt; wrote: The *at() syscalls are a known issue with respect to audit; we have a few open GH issues related to the topic, the oldest appears to be the one below: * https://github.com/linux-audit/audit-kernel/issues/9 I recognize it sounds a bit trite here, but "patches are always welcome". Basically someone needs to have the time and motivation to look into this and put forth some patches that we can discuss and iterate over. The problem is that historically audit has attracted very few kernel developers outside the occasional development push by a distro preparing a OS release for a certification effort. I was just lamenting this fact on a private mail thread with some other kernel developers a couple of weeks ago ... -- paul moore www.paul-moore.com