lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5205727B.7090807@linuxtoys.org>
Date:	Fri, 09 Aug 2013 15:51:39 -0700
From:	Bob Smith <bsmith@...uxtoys.org>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 001/001] CHAR DRIVERS: a simple device to give daemons
 a /sys-like interface

Greg Kroah-Hartman wrote:
> On Wed, Aug 07, 2013 at 02:53:50PM -0700, Bob Smith wrote:
>> Agreed.  But you need root permissions to install an application
>> and part of that installation can be setting up systemd files
>> that allocate resources at boot.
>
> Do you have examples of those systemd files?  Last I looked, they didn't
> have mknod permissions anymore, which is a good thing.

The difference is that Linux usually detects the hardware that is
connected to it and automatically creates device nodes for it.
This is part of the boot process.
     In the case of a userspace device driver, the kernel never sees
the hardware so it is up the USD to create the nodes for the hardware.

 >
>> Also, some applications start as root just so they can do this kind of
>> allocation.  The app can (and should) drop root privileges when it
>> can.
> You shouldn't require root for a new feature, that seems strange.

OK, but root for a new feature dealing with hardware seems OK.

 >
> Also, namespaces aren't addressed at all, but that's a totally different
> issue...

No, but I hope namespace policy can be handled in userspace and not
in the proxy module itself.

>
 > (snip)
>> As noted above, yes, root has to set it up and set the permissions,
>> but this is hardly unusual, is it?
>
> Yes it is, modern userspace does not create any device nodes anymore,
> please let's not regress on that point.

Yes, I suppose this can be viewed as a regression, but I don't see a
way around this right now.  The problem is that only the userspace
driver sees the new hardware and so knows what device nodes to create.

Once again, thanks.

Bob Smith

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ