| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Nov 2010 10:15:19 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Greg KH <greg@...ah.com> Cc: Kay Sievers <kay.sievers@...y.org>, Valdis.Kletnieks@...edu, Lennart Poettering <mzxreary@...inter.de>, linux-kernel <linux-kernel@...r.kernel.org>, Werner Fink <werner@...e.de>, Jiri Slaby <jslaby@...e.cz> Subject: Re: tty: add 'active' sysfs attribute to tty0 and console device > - the existing ioctl is broken and no userspace program can use > it properly, so it might as well be removed. You can use it happily for various things providing you hold the vt switch lock. It's not a very good API and wants something doing about it. However we can't deprecate it using either of the proposed patches because neither of them cover the needed functionality. > - Kay's patch is one proposed solution for what userspace is > wanting to learn about ttys. Werner's is another one. Kay's patch is useless. As we've demonstrated by as you call it "going off topic" it can't actually provide a credible security model. Its providing a variable without holding the locks that make the value meaningful. Thats as basic an error I can think of. We wouldn't accept kernel code which did mutex_lock(&foo->lock) temp = foo->only_valid_under_lock; mutex_unlock(&foo->lock); return temp; /* ma invalid by now */ especially when it was going to be used for permission management. We'd call it a bug. So why are we proposing to add an API that does exactly that ? > I can do any one, or multiple things from the following options: > > - disable the existing ioctl to return an error so that no new > userspace program starts to use it thinking it is valid > - accept Werner's patch for those who like proc files > - accept Kay's patch > > Any suggestions? None of the above. In fact the current situation is better than either of the patches because it's equally broken and involves no more broken APIs ! Doing it right means: - deprecating the existing ioctl (because it's a dumb interface and Kay is right about that) - adding a proper event device which is pollable and returns the same events (and more) using a small kfifo queue. Trivial to code and will not add another API we'll need to deprecate again the moment anyone wants to use it. - support synchronous switching by that interface or verify the existing vt locking interfaces will do the job in conjunction with it. Kay's approach doesn't solve three things - You can't use the data to implement proper secure desktop switching - It doesn't support moving to multiple active vts at a time - You can't deprecate the wait event interface unless you replace all the features of it that people use (eg resize events) So we will be back here again doing the same thing deprecating Kay's interface if we go that way. Having an event device actually lets us solve the problem properly, and if we are careful about the message formats cover the fact the KMS folks and others want multiple "live" virtual consoles at a time. If you have a /dev/vtmanager or similar and opening it allocates a kfifo of a page into which we stuff the events we currently post for waitevent then the code is trivial and it does what Kay needs as well as being able to cover the rest of the WAITEVENT interface and future multi-desktop stuff. So its trivial to do the job properly, which makes the existing patches all the wrong thing to do. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists