lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 5 Jan 2012 15:49:53 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	Willy Tarreau <w@....eu>, linux-kernel@...r.kernel.org,
	security@...nel.org, pmatouse@...hat.com, agk@...hat.com,
	jbottomley@...allels.com, mchristi@...hat.com, msnitzer@...hat.com,
	Christoph Hellwig <hch@....de>
Subject: Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices

On Thu, Jan 5, 2012 at 5:18 AM, Paolo Bonzini <pbonzini@...hat.com> wrote:
>
> Would you apply the patches as they are or do you want me to squash in
> something like this?
>
> diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
> index a6bedfe..bb94c88 100644
> --- a/block/scsi_ioctl.c
> +++ b/block/scsi_ioctl.c
> @@ -710,6 +710,14 @@ int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
>        case SG_SET_RESERVED_SIZE:
>        case SG_EMULATED_HOST:
>                return 0;
> +
> +       case CDROMEJECT:
> +               /* This is also unsafe for partition devices, but
> +                * "eject /mnt/usb-drive" invokes it.  Warn about it
> +                * and keep backwards compatibility.  */
> +               printk_ratelimited(KERN_WARNING
> +                                  "sending CDROMEJECT ioctl to a partition\n");
> +               return 0;
>        default:
>                break;
>        }

I think that right now the right thing to do woult probably to

 (a) print that warning - naming the actual ioctl number - for *every*
ioctl this disallows.

 (b) after warning, let them through for CAP_SYS_RAWIO, so that if
there are users of them, we will both know about them, _and_ we will
avoid breaking them if there are no security issues.

Hmm? Can you send such an updated patch, and we can get this in early
in the merge window, and start testing? I committed and pushed out the
ENOIOCTLCMD cleanup, let's see if that causes any problems..

                      Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ