lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 9 Aug 2013 16:04:24 -0700
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Bob Smith <bsmith@...uxtoys.org>
Cc:	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 001/001] CHAR DRIVERS: a simple device to give daemons a
 /sys-like interface

On Fri, Aug 09, 2013 at 03:51:39PM -0700, Bob Smith wrote:
> Greg Kroah-Hartman wrote:
> >On Wed, Aug 07, 2013 at 02:53:50PM -0700, Bob Smith wrote:
> >>Agreed.  But you need root permissions to install an application
> >>and part of that installation can be setting up systemd files
> >>that allocate resources at boot.
> >
> >Do you have examples of those systemd files?  Last I looked, they didn't
> >have mknod permissions anymore, which is a good thing.
> 
> The difference is that Linux usually detects the hardware that is
> connected to it and automatically creates device nodes for it.
> This is part of the boot process.
>     In the case of a userspace device driver, the kernel never sees
> the hardware so it is up the USD to create the nodes for the hardware.

Again, this isn't about hardware, it's about an ipc that you are
creating for user to user communication.  For this to require root
access isn't acceptable.

> >>Also, some applications start as root just so they can do this kind of
> >>allocation.  The app can (and should) drop root privileges when it
> >>can.
> >You shouldn't require root for a new feature, that seems strange.
> 
> OK, but root for a new feature dealing with hardware seems OK.

But you are NOT dealing with hardware here (well, your specific
implementation just happens to do so, but the driver sure doesn't.)

Also, root for hardware is not ok, otherwise how would you as a user be
able to talk to your serial port, or filesystem.

> >Also, namespaces aren't addressed at all, but that's a totally different
> >issue...
> 
> No, but I hope namespace policy can be handled in userspace and not
> in the proxy module itself.

How would that work out?

> > (snip)
> >>As noted above, yes, root has to set it up and set the permissions,
> >>but this is hardly unusual, is it?
> >
> >Yes it is, modern userspace does not create any device nodes anymore,
> >please let's not regress on that point.
> 
> Yes, I suppose this can be viewed as a regression, but I don't see a
> way around this right now.  The problem is that only the userspace
> driver sees the new hardware and so knows what device nodes to create.

Again, there is no "hardware" in your driver, that just happens to be
how you are using this IPC.  I could be using "hardware" for a daemon
that talks over a named pipe, but that doesn't mean anything to the
kernel code, right?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ