| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Dec 2009 19:15:49 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Miklos Szeredi <miklos@...redi.hu> Cc: akpm@...ux-foundation.org, viro@...IV.linux.org.uk, dhowells@...hat.com, hch@...radead.org, adilger@....com, mtk.manpages@...il.com, torvalds@...ux-foundation.org, drepper@...il.com, jamie@...reable.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3] vfs: new O_NODE open flag > 1) There's a security hole with dynamicly allocated devices if > permissions on new device are difference than on old device. > > The issue is valid, but also exists if hard links are created to > device nodes. udev already defends against this by setting > permissions on device to zero before unlinking it. udev defends against it with the specific knowledge that any existing open means the device is open and cannot be unloaded. The combination is required (and some other happenstance properties). For O_NODE you must implement revoke() as well and get it into tools like udev before you are safe. I appreciate "you need revoke" is a bit like saying "there is one small problem, you just need to reimplement a major subsystem while you are at it", but from a security perspective I don't see any other way to make O_NODE safe in this situation. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists