| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <51A0B4E7.4030307@redhat.com> Date: Sat, 25 May 2013 14:56:07 +0200 From: Paolo Bonzini <pbonzini@...hat.com> To: Tejun Heo <tj@...nel.org> CC: James Bottomley <James.Bottomley@...senPartnership.com>, Jens Axboe <axboe@...nel.dk>, lkml <linux-kernel@...r.kernel.org>, "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org> Subject: Re: PING^7 (was Re: [PATCH v2 00/14] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542)) Il 25/05/2013 14:48, Tejun Heo ha scritto: >>> * Merge the patch to give out SG_IO access along with write access, so >>> > > the use cases which want to give out SG_IO access can do so >>> > > explicitly and be fully responsible for the device. This makes >>> > > sense to me. If one wants to be allowed to issue raw commands to >>> > > the hardware, one takes the full responsibility. >> > >> > That's not possible; it would make it impossible to do things like using >> > a privileged helper to open the file and passing it back via SCM_RIGHTS >> > to an unprivileged program (running as the user). This is the ptrace >> > attack that you mentioned. > I have no idea what you're talking about. I'm describing the same > thing you implemented and posted. Ok, I think we need a rewind. I'll try to post what I mean next week. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists