| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 May 2009 18:15:59 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Kay Sievers <kay.sievers@...y.org> Cc: Alan Stern <stern@...land.harvard.edu>, Kernel development list <linux-kernel@...r.kernel.org>, Pantelis Koukousoulas <pktoss@...il.com>, USB list <linux-usb@...r.kernel.org> Subject: Re: usbfs, claiming entire usb devices > > Yes. That is, a process shouldn't be allowed to access a locked device > > unless that process is the lock holder. > > You think the pid or the uid would make more sense? How about neither ? The standard Unix behaviour is to open the file O_EXCL if you want exclusivity. Neither uid or pid are helpful or work in the many environments where you want security - in particular where (as is very common with user space driver type code) you want parts of your code running setuid and parts not, as two processes with different pid and uid values. If O_EXCL is interpeted as exclusive access (versus kernel and re-open of the same node) then you can implement the rest of the sematics in user space. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists