lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 03 Nov 2009 22:24:29 -0500
From:	Valdis.Kletnieks@...edu
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:	Hal Finney <hal.finney@...il.com>,
	tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	srajiv@...ux.vnet.ibm.com
Subject: Re: [tpmdd-devel] [PATCH] TPM: Let the tpm char device be openable multiple times

On Tue, 03 Nov 2009 15:41:58 MST, Jason Gunthorpe said:
> On Tue, Nov 03, 2009 at 01:14:28PM -0500, Valdis.Kletnieks@...edu wrote:
> > On Tue, 03 Nov 2009 09:31:55 PST, Hal Finney said:
> > > What if you don't want it accessible by user mode apps, you only want
> > > your middleware (ie tcs daemon, tcsd) to open it? Will this still
> > > allow that to be enforced, so nobody can interfere with tcsd's
> > > exclusive access to the device?
> > 
> > Couldn't tcsd just open the device with O_EXCL? Or am I missing something
> > subtle here?
> 
> O_EXCL isn't a locking flag...

Sorry, getting over the flu, my brain isn't totally online yet. I was
thinking of TIOCEXCL which is (a) an ioctl() and (b) apparently tty-specific.

A number of other things under drivers/ implement "only one open" semantics,
but those are hard-coded into the driver. But for the TPM, it's unclear if
exclusive or non-exclusive is the right model. Maybe the right answer is to
default to multiple opens, but have an ioctl() that turns on exclusive mode.
If you have a 'tcsd' daemon, it will need to get launched early enough
to do the open/ioctl before somebody else gets running anyhow, so it's
not adding to any raciness.  Yeah, it's a hack. And there's still a small
DoS issue - if the system is supposed to allow multiple opens, an abusive
process can ioctl() it and break it.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ