lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 21 May 2009 23:14:52 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Kay Sievers <kay.sievers@...y.org>
Cc:	Alan Stern <stern@...land.harvard.edu>,
	Al Viro <viro@...iv.linux.org.uk>,
	Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: How to tell whether a struct file is held by a process?

> Not sure, if we already discussed that with a conclusion: this
> "prevent access to a future device" interface needs to work at the pid
> level, or would a uid/gid check be sufficient?

As I said before neither pid or uid make any sense at all for a kernel
level check beyond what already exists at user space level (ie chown),
and what the usual user space gunk provides for device creation policy
(udev)

> Root can do all that stuff anyway, even with the locking in place.
> Uid/gid file permissions need to be applied to the "lock file", so
> specified non-root users can use that interface.

It's actually sometimes important that root can ignore the lock
files - eg to send a reset to a channel of a jammed device that is owned
by a user and wedged.
 
> Maybe it would be good enough, to check that the one that opened the
> "lock file" has the same uid/gid as the on that tries to open the
> device when it has shown up?

My feeling too - there simply isn't any need for kernel infrastructure
here. The only case the kernel must be involved is when you need
exclusivity including telling the kernel to leave things alone, and even
that usually only needs to be by specific handle and we normally borrow
O_EXCL for it as it has no "traditional" meaning on device nodes.

We do tty devices with lock files no reason it won't work for USB stuff
too.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ