| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 06 Jul 2008 13:40:44 +0200 From: Andi Kleen <andi@...stfloor.org> To: Dmitri Monakhov <dmonakhov@...nvz.org> Cc: linux-kernel@...r.kernel.org, jens.axboe@...cle.com Subject: Re: [PATCH] loop: prevent get_user pages call from kernel thread(v2) Dmitri Monakhov <dmonakhov@...nvz.org> writes: > Yes... everybody know that it is bad to write from kernel thread, and it is > madness to do it with O_DIRECT. But occasionly file with O_DIRECT flag > may be passed to loop device via LOOP_SET_FD. So if file-system has't > address_space ops, or simply hide it like GFS, it is possible to kill kernel > via two lines program. In fact we can't effectively guard kernel space by > deny O_DIRECT in loop's code, because user space can set it via > fcntl(,F_SETFL,). Let's simply add sanity check mm related logic. Wouldn't it be better if loop simply dup()ed the file descriptor and then checked the flag? Presumably other fd flags could do bad things inside loop too. -Andi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists