lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <200701121636.15989.hnguyen@linux.vnet.ibm.com>
Date:	Fri, 12 Jan 2007 16:36:15 +0100
From:	Hoang-Nam Nguyen <hnguyen@...ux.vnet.ibm.com>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	Roland Dreier <rdreier@...co.com>, linux-kernel@...r.kernel.org,
	linuxppc-dev@...abs.org, openfabrics-ewg@...nib.org,
	openib-general@...nib.org, raisch@...ibm.com
Subject: Re: [PATCH/RFC 2.6.21 3/5] ehca: completion queue: remove use of do_mmap()

Hi,
> > +		if (my_cq->ownpid != cur_pid) {
> > +			ehca_err(device, "Invalid caller pid=%x ownpid=%x "
> > +				 "cq_num=%x",
> > +				 cur_pid, my_cq->ownpid, my_cq->cq_number);
> > +			return -EINVAL;
> > +		}
> 
> (for other reviewers: this is not new code, just moved around)
> 
> Owner tracking by pid is really dangerous.  File descriptors can be
> passed around by unix sockets, a single process can have files open
> more than once, etc..
> 
> It seems ehca wants to prevent threads other than the creating one
> from performing most operations.  Can you explain the reason for this?
you point to the right spot... This has a historic reason as we
have needed to support fork(), system("date") etc for kernel 2.6.9, 
hence those vma flags manipulation and this pid checking as proactive
protection/restriction. For newer kernel, I guess >=2.6.12, this checking
were not necessary, but we would feel better after we had tested user 
space stuff more thoroughly without this piece of code. Since this is 
not new code, can we pls handle this later?
Regards
Nam
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ