lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <530F451F.9020107@redhat.com>
Date:	Thu, 27 Feb 2014 15:01:03 +0100
From:	Florian Weimer <fweimer@...hat.com>
To:	Matthew Wilcox <matthew.r.wilcox@...el.com>,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	linux-fsdevel@...r.kernel.org, willy@...ux.intel.com
Subject: Re: [PATCH v6 00/22] Support ext4 on NV-DIMMs

On 02/25/2014 03:18 PM, Matthew Wilcox wrote:
> One of the primary uses for NV-DIMMs is to expose them as a block device
> and use a filesystem to store files on the NV-DIMM.  While that works,
> it currently wastes memory and CPU time buffering the files in the page
> cache.  We have support in ext2 for bypassing the page cache, but it
> has some races which are unfixable in the current design.  This series
> of patches rewrite the underlying support, and add support for direct
> access to ext4.

I'm wondering if there is a potential security issue lurking here.

Some distributions use udisks2 to grant permission to local console 
users to create new loop devices from files.  File systems on these 
block devices are then mounted.  This is a replacement for several file 
systems implemented in user space, and for the users, this is a good 
thing because the in-kernel implementations are generally of higher quality.

What happens if we have DAX support in the entire stack, and an 
enterprising user mounts a file system?  Will she be able to fuzz the 
file system or binfmt loaders concurrently, changing the bits while they 
are being read?

Currently, it appears that the loop device duplicates pages in the page 
cache, so this does not seem to be possible, but DAX support might 
change this.

-- 
Florian Weimer / Red Hat Product Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ