lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 13 May 2010 12:16:19 -0700
From:	Chris Wright <chrisw@...s-sol.org>
To:	Greg KH <greg@...ah.com>
Cc:	Chris Wright <chrisw@...s-sol.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, jbarnes@...tuousgeek.org,
	matthew@....cx, linux-pci@...r.kernel.org,
	linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	ddutile@...hat.com, alex.williamson@...hat.com
Subject: Re: [PATCH 2/2 v2] pci: check caps from sysfs file open to read
 device dependent config space

* Greg KH (greg@...ah.com) wrote:
> On Thu, May 13, 2010 at 10:43:07AM -0700, Chris Wright wrote:
> > * Alan Cox (alan@...rguk.ukuu.org.uk) wrote:
> > > I agree with the problem - but IMHO the fix is to require opening the file
> > > checks CAP_SYS_something instead: not to hack the read method and make it
> > > even weirder and more un-Linux than it is now.
> > 
> > This patch does that.  Not as convenient from the KVM/libvirt point of view
> > because it is not prepared to do this setup before dropping privileges
> > and launching the VM.
> 
> So does that mean that this patch doesn't solve your original problem
> here?

Right, it means we have to change how we create a guest with a directly
assigned PCI device.

Currently KVM/libvirt is assuming that sysfs file ownership is sufficient
to read a sysfs file.  It chowns all relevant sysfs files and updates
security labels such that only that guest can access the files, then
drops privileges and launches the guest.

With the v2 patch we'll have to open the config space sysfs file in the
privileged context and pass it into the unprivileged one.  It is awkward,
but it should be doable.

thanks,
-chris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ