lists.openwall.net: Open Source and information security mailing list archives
Date:	Fri, 18 May 2012 15:46:17 +0800
From:	Amos Kong <kongjianjun@...il.com>
To:	Li Zefan <lizefan@...wei.com>
Cc:	serue@...ibm.com, viro@...iv.linux.org.uk,
	linux-kernel@...r.kernel.org, tj@...nel.org, jmorris@...ei.org
Subject: Re: cgroup: denying device doesn't work with 'rw' mode string

In devcgroup_create(), we create a new whitelist and add a first entry
whose type is 'DEV_ALL'.
Executing "# echo 'b 253:3 rw' > devices/devices.deny",
dev_whitelist_rm() will update the access
of the first entry to 3, but the type of the first entry is still 'DEV_ALL'.

.. static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup, ...) {
..      list_for_each_entry_safe(walk, tmp, &dev_cgroup->whitelist, list) {
..              if (walk->type == DEV_ALL)
..                      goto remove;

If the type is 'DEV_ALL', it will try to remove it without checking major/minor/..

.. remove:
..              walk->access &= ~wh->access;

                the access of the first entry will be updated to 7 (mrw) & ~4 (w) = 3

..              if (!walk->access) {

                the first entry will not be deleted, because walk->access is not 0

..                      list_del_rcu(&walk->list);
..                      kfree_rcu(walk, rcu);

Executing a dd command to write to the device, __devcgroup_inode_permission() will be called.
The type of the first list entry is 'DEV_ALL', so it just passes this permission check.
(The write operation will not be denied.)

.. int __devcgroup_inode_permission(struct inode *inode, int mask) {
..         ....
..      dev_cgroup = task_devcgroup(current);
..      list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
..              if (wh->type & DEV_ALL)
..                      goto found;

// If the type is 'DEV_ALL', the permission check passes

..                 ....
..              if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
..                      continue;
.. found:
..              rcu_read_unlock();
..              return 0;
..