lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+55aFzAo5hjCkKe1aaHgyCYc6RYRb8tf+zPTUwO6R8WWd9T-Q@mail.gmail.com>
Date:	Thu, 22 Dec 2011 10:37:56 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	linux-kernel@...r.kernel.org, security@...nel.org,
	pmatouse@...hat.com, agk@...hat.com, jbottomley@...allels.com,
	mchristi@...hat.com, msnitzer@...hat.com
Subject: Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices

On Thu, Dec 22, 2011 at 10:02 AM, Paolo Bonzini <pbonzini@...hat.com> wrote:
> Linux allows executing the SG_IO ioctl on a partition or even on an
> LVM volume, and will pass the command to the underlying block device.
> This is well-known, but it is also a large security problem when (via
> Unix permissions, ACLs, SELinux or a combination thereof) a program or
> user needs to be granted access to a particular partition or logical
> volume but not to the full device.

So who actually *does* this in practice?

> +       /* In particular, rule out all resets and host-specific ioctls.  */
> +       return -ENOTTY;

This kind of crazy needs to go away.

If it's a permission problem, state that. Don't turn it into ENOTTY that then:

> +               return ret == -ENOTTY ? -ENOIOCTLCMD : ret;

gets turned into another random error number.

That's just crazy. No way am I ever applying patches *this* confused
without some serious explanation. And quite frankly, probably not even
then.

If it's a permission issue, return EPERM. Nothing else.

If returning EPERM causes problems for eject or other user tools,
explain it. And then just say "ok, we allow eject on a partition, and
it ejects the disk".

                       Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ