Message-ID: <CADLC3L2W+VEHZbcDT50=bneXH7iEkyf6ZOOG9LLQ4LEK3uAfFg@mail.gmail.com>
Date: Mon, 18 Mar 2013 21:08:37 -0600
From: Robert Hancock <hancockrwd@...il.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Myron Stowe <mstowe@...hat.com>,
Myron Stowe <myron.stowe@...hat.com>, kay@...y.org,
linux-hotplug@...r.kernel.org, alex.williamson@...hat.com,
linux-pci@...r.kernel.org, yuxiangl@...vell.com, yxlraid@...il.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] udevadm-info: Don't access sysfs 'resource<N>' files

On Mon, Mar 18, 2013 at 8:35 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> On Mon, Mar 18, 2013 at 08:09:22PM -0600, Robert Hancock wrote:
>> > Great, that's one possible solution, the other is just not creating the
>> > files at all for known problem devices, right?
>>
>> I don't think one can reasonably enumerate all problem devices. There
>> are probably countless devices which can potentially break if their
>> resources (especially IO ports) are read in unexpected ways. Aside
>> from devices like this one, which apparently don't like certain IO
>> ports being read with certain access widths, there's every device in
>> existence with read-to-reset type registers. The fix to this needs to
>> apply to all devices.
>>
>> >
>> > My main point here is, you aren't going to fix this in userspace, fix it
>> > in the kernel.
>>
>> The kernel can help the situation by blocking access to devices with
>> an active driver, but it can't fix all cases. Suppose the device has
>> no driver loaded yet, how is the kernel supposed to tell the
>> difference between software with a legitimate need to access these
>> files for virtualization device assignment, etc. and something like
>> udevadm or a random grep command that's reading the files without any
>> idea what it's doing? udevadm does need to be fixed to avoid accessing
>> these files because it's unnecessary and dangerous.
>
> Are you going to also fix grep? bash? cat?
>
> Come on, be realistic. If these files are so dangerous then they need
> to just be removed entirely from the kernel. You aren't going to be
> able to patch grep for this.

Well, clearly not. Although accessing this file with grep, etc. is
really just another way root can shoot themselves in the foot, it
would be nice if this functionality could be provided in a way that
didn't leave this kind of exposed land mine.