| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 May 2013 09:13:03 +0200 From: Paolo Bonzini <pbonzini@...hat.com> To: Tejun Heo <tj@...nel.org> CC: "James E.J. Bottomley" <JBottomley@...allels.com>, Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org Subject: Re: PING^7 (was Re: [PATCH v2 00/14] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542)) Il 24/05/2013 03:44, Tejun Heo ha scritto: > On Thu, May 23, 2013 at 11:47:25AM +0200, Paolo Bonzini wrote: >>> No no, I'm not talking about it not working for the users - it's just >>> passing the commands, it of course works. I'm doubting about it being >>> a worthy security isolation layer. cdb filtering (of any form really) >>> has always been something on the border. It always was something we >>> got stuck with due to lack of other immediate options. >> >> I understood correctly then. :) I agree it's not the best, but it's not >> completely broken either. It has bugs, and that's what these patches >> try to fix. > > The same filtering table being applied to different classes of > hardware is a software bug, but my point is that the practive > essentially entrusts non-insignificant part of security enforcement to > the hardware itself. The variety of hardware in question is very wide > and significant portion has historically been known to be flaky. Unproven theory, and contradicted by actual practice. Bugs are more common in the handling of borderline conditions, not in the handling of unimplemented commands. If you want to be secure aginst buggy firmware, the commands you have to block are READ and WRITE. Check out the list of existing USB quirks. >>> I'm wondering whether combining 3 into 4 would be good enough. >> >> No, it wouldn't. I learnt it the hard way (by having a patch nacked :)) >> at http://thread.gmane.org/gmane.linux.kernel/1311887. > > Of course you can't do that by adding dangerous commands to the > existing filtering table which is allowed by default. I'm saying > "count me out" knob could be good enough. Neither is perfect but at > least the latter doesn't affect the default cases. You need to allow more commands. The count-me-out knob allows all commands. You cannot always allow all commands. Ergo, you cannot always use the count-me-out knob. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists