lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 14 May 2010 12:09:23 -0700
From:	Greg KH <greg@...ah.com>
To:	Chris Wright <chrisw@...s-sol.org>, jbarnes@...tuousgeek.org
Cc:	matthew@....cx, linux-pci@...r.kernel.org,
	linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	ddutile@...hat.com, alex.williamson@...hat.com
Subject: Re: [PATCH 2/2] pci: allow sysfs file owner to read device
 dependent config space

On Wed, May 12, 2010 at 06:29:57PM -0700, Chris Wright wrote:
> The PCI config space bin_attr read handler has a hardcoded CAP_SYS_ADMIN
> check to verify privileges before allowing a user to read device
> dependent config space.  This is meant to protect from an unprivileged
> user potentially locking up the box.
> 
> When assigning a PCI device directly to a guest with libvirt and KVM,
> the sysfs config space file is chown'd to the unprivileged user that
> the KVM guest will run as.  The guest needs to have full access to the
> device's config space since it's responsible for driving the device.
> However, despite being the owner of the sysfs file, the CAP_SYS_ADMIN
> check will not allow read access beyond the config header.
> 
> With this patch the sysfs file owner is also considered privileged enough
> to read all of the config space.
> 
> Signed-off-by: Chris Wright <chrisw@...s-sol.org>
> ---
>  drivers/pci/pci-sysfs.c |    4 +++-

Jesse, any objection to this going through my tree as it will depend on
the sysfs change?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ