lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 Apr 2007 04:34:16 +0200 From: Oleg Verych <olecom@...wer.upol.cz> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Eduard Bloch <edi@....de>, linux-kernel@...r.kernel.org, debburn-devel@...ts.alioth.debian.org Subject: Re: broken device locking, sg vs. sg_io on block devices > From: Alan Cox > Newsgroups: gmane.linux.kernel > Subject: Re: broken device locking, sg vs. sg_io on block devices > Date: Sun, 1 Apr 2007 01:14:52 +0100 > [] >> Again, it doesn't have to. It can pass the locking operations to the >> related block device driver. > > No it can't. The driver has no idea what the locking rules are for > arbitary command blocks send to arbitary devices. /dev/sg is a *raw* > interface. You can send anything to anyone, and the locking rules for > that are far too complex for a giant morass of kernel code to get added. > > The mess begins because you use /dev/sg and put it in a cdrom group > instead of using SG_IO on the /dev/sr device. (offtop: 'cdrom' is as ugly as 'floppy' for anything like usb, firewire connected storage, why not use 'optics' and 'external' or something?) > The mess continues because of the user of O_EXCL locking thus forcing > re-open/close by HAL Manpage states something bad about it also... > instead of fcntl based co-operative locking. > > > getty/modem/uucp/terminal emulator/slip/ppp/.. Programs you've mentioned may have co-operative locking, but 'dd' or 'cat' have no knowledge of it for sure. Yet nothing prevents allowed user program to use this tools on /dev/tty*. AFAIK kernel developers are always ready for very broken userspace, yet co-operative locking is a job of the userspace programmers of very different tools. > The job of the kernel is not and never has been to anticipate and correct > everything stupid someone tries to do in user space. > As I said before the people wanting to arbitrate serial ports got this > right in the mid 1970's your situation is not much more complicated, Do you mean co-operative locking or carrier detection as a pre-hotplug thing (:? Tell me, please, somebody, why non-exclusive co-operative locking (if it was implemented anyways), racy and already used in userspace applications O_EXCL are better than _mandatory locking_? I've found this helpful against any broken userspace, trying hijack my device and read or write bytes to it. ____ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists