Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Landlock filesystem access control can lead to inconsistent access rights when dealing with disconnected directories. This issue arises when a directory is moved out of the scope of a bind mount, creating a disconnection that the system does not properly handle. As a result, access rights may be incorrectly evaluated, potentially allowing unauthorized access or modifications. The problem is particularly challenging to debug, as the paths of disconnected files cannot be printed or easily traced.
The vulnerability could cause access rights to be improperly evaluated, leading to unauthorized access or modifications of files and directories.
To reproduce this vulnerability, a sandboxed task must be created with write access to the source of a bind mount and read access to the related mount point. The task can then move a directory out of the bind mount's scope, creating a disconnected directory. When accessing files through this disconnected directory, the Landlock domain may not correctly evaluate the access rights, allowing for potential unauthorized actions.
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version of the stable Linux kernel where this issue has been fixed.
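Until the fixed kernel is deployed, sandbox policies can be reviewed for the precondition described above: write access on a bind mount's source combined with read access on its mount point. The following is an added example, not code from the kernel or from this advisory; the rule model (a path mapped to `read`/`write` labels that apply to everything beneath it) and the sample mount table are constructed assumptions.

```python
import posixpath

# Constructed /proc/self/mountinfo sample; mount 40 binds /srv/data onto /mnt/view.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 22 8:1 /srv/data /mnt/view rw,relatime shared:1 - ext4 /dev/sda1 rw
41 22 0:25 / /proc rw,nosuid - proc proc rw
"""

# Hypothetical policy model (an assumption): path -> access granted beneath it.
SAMPLE_RULES = {"/srv": {"read", "write"}, "/mnt/view": {"read"}, "/usr": {"read"}}

def parse_mountinfo(text):
    """Return (device, root, mount_point) from fields 3-5 of each line."""
    rows = [line.split() for line in text.splitlines()]
    return [(f[2], f[3], f[4]) for f in rows if len(f) >= 5]

def is_under(path, ancestor):
    """True if path equals ancestor or lies beneath it."""
    return posixpath.commonpath([path, ancestor]) == ancestor

def bind_mounts(mounts):
    """Yield (source_path, mount_point) for mounts exposing a subdirectory.

    Heuristic: a root field other than "/" also appears for btrfs subvolumes.
    """
    for dev, root, point in mounts:
        if root == "/":
            continue  # whole filesystem: nothing lies outside its scope
        for odev, oroot, opoint in mounts:
            # Another mount of the same device that contains the bound directory
            if odev == dev and (oroot, opoint) != (root, point) and is_under(root, oroot):
                rel = posixpath.relpath(root, oroot)
                yield posixpath.normpath(posixpath.join(opoint, rel)), point
                break

def granted(rules, path, access):
    """True if any rule at or above path carries the access label."""
    return any(access in acc and is_under(path, rule) for rule, acc in rules.items())

def risky_binds(mountinfo_text, rules):
    """Bind mounts where the policy grants write on the source and read on the mount point."""
    binds = bind_mounts(parse_mountinfo(mountinfo_text))
    return [(src, point) for src, point in binds
            if granted(rules, src, "write") and granted(rules, point, "read")]

if __name__ == "__main__":
    for src, point in risky_binds(SAMPLE_MOUNTINFO, SAMPLE_RULES):
        print(f"review: write on {src} + read on {point}")
```

On a live host, pass the contents of `/proc/self/mountinfo` read from inside the mount namespace the sandboxed task will use.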