lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121102204825.7e4bd641@pyramind.ukuu.org.uk>
Date:	Fri, 2 Nov 2012 20:48:25 +0000
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Tejun Heo <tj@...nel.org>
Cc:	Paolo Bonzini <pbonzini@...hat.com>,
	Ric Wheeler <rwheeler@...hat.com>,
	Petr Matousek <pmatouse@...hat.com>,
	Kay Sievers <kay@...hat.com>, Jens Axboe <axboe@...nel.dk>,
	linux-kernel@...r.kernel.org,
	"James E.J. Bottomley" <James.Bottomley@...senPartnership.com>
Subject: Re: setting up CDB filters in udev (was Re: [PATCH v2 0/3] block:
 add queue-private command filter, editable via sysfs)

On Fri, 2 Nov 2012 13:21:31 -0700
Tejun Heo <tj@...nel.org> wrote:

> Hey,
> 
> On Fri, Nov 02, 2012 at 08:18:24PM +0000, Alan Cox wrote:
> > a - there are lots of cases you want to allow only a subset of commands.
> 
> Care to spell them out.  At least the cases Paolo listed should be
> served by what's described.
> 
> > b - if you are using a BPF filter which is the obvious way to do it then
> > the flexibility comes for free without any extra complexity as the kernel
> > provides a generic implementation, and even a JIT for complex cases.
> 
> Yeah, sure, but it's all about what tool to use where and maybe it's
> my ignorance about the problem space but it's difficult for me to
> believe that we need full-blown BPF filter here when this is the only
> activity we've got in a decade.

If you look back through the archive you'll find people have been
spending a good decade bitching about the lack of filter configurability
and trying to get someone else to fix it.

The BPF filter is simpler than just about any other implementation
because the tools exist and are used for lots of other things and it has
an API that is precisely defined as well as kernel calls to run the
filter.

Some reasons for it

- giving people access to parts of disks
- allowing access to specific vendor specific commands on certain
  non-standard CD and DVD drives so they can be used for burning but you
  can't trash them
- giving end users minimal access to things like SMART but only on drives
  where it is safe
- giving a user a SCSI disk or partition to play with but preventing them
  issuing weird ass commands that can disrupt other devices in the fabric
  (like drive to drive transfers, some kinds of resets, management
  commands)
- minimising the ability of a VM to do damage if compromised while
  maximising its raw access to a device



Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ