Message-ID: <CALCETrXm116+eRvYY7QNbHcrOpZYOCqvC_WPguPZm-G+UEHeGw@mail.gmail.com>
Date: Wed, 29 Oct 2014 20:55:58 -0700
From: Andy Lutomirski <luto@...capital.net>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Linux API <linux-api@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
John Stultz <john.stultz@...aro.org>,
Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
Marcel Holtmann <marcel@...tmann.org>,
Ryan Lortie <desrt@...rt.ca>,
Bastien Nocera <hadess@...ess.net>,
David Herrmann <dh.herrmann@...il.com>,
Djalal Harouni <tixxdz@...ndz.org>,
Simon McVittie <simon.mcvittie@...labora.co.uk>,
daniel@...que.org, alban.crequy@...labora.co.uk,
Javier Martinez Canillas <javier.martinez@...labora.co.uk>,
Tom Gundersen <teg@...m.no>
Subject: Re: kdbus: add connection, queue handling and message validation code

On Wed, Oct 29, 2014 at 8:47 PM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
> Greg Kroah-Hartman <gregkh@...uxfoundation.org> writes:
>
>> From: Daniel Mack <daniel@...que.org>
>>
>> This patch adds code to create and destroy connections, to validate
>> incoming messages and to maintain the queue of messages that are
>> associated with a connection.
>>
>> Note that connection and queue have a 1:1 relation, the code is only
>> split in two parts for cleaner separation and better readability.
>
> You are not performing capability checks at open time.
>
> As such this API is susceptible to a host of file descriptor passing attacks.
To be fair, write(2) doesn't work on these fds, so the usual attacks
don't work. But who knows what absurd things kdbus clients will do
with fd passing?
--Andy
>
>> Signed-off-by: Daniel Mack <daniel@...que.org>
>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> ---
>
>> +/*
>> + * Check for maximum number of messages per individual user. This
>> + * should prevent a single user from being able to fill the receiver's
>> + * queue.
>> + */
>> +static int kdbus_conn_queue_user_quota(struct kdbus_conn *conn,
>> + const struct kdbus_conn *conn_src,
>> + struct kdbus_queue_entry *entry)
>> +{
>> + unsigned int user;
>> +
>> + if (!conn_src)
>> + return 0;
>> +
>> + if (ns_capable(&init_user_ns, CAP_IPC_OWNER))
>> + return 0;
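Review bot: the ns_capable(&init_user_ns, CAP_IPC_OWNER) check in kdbus_conn_queue_user_quota() is evaluated against the credentials of the task running at send time, not against those of whoever created conn_src, so the quota exemption follows the caller rather than the connection. If a connection fd ends up in a process that holds CAP_IPC_OWNER, sends made through it return 0 here before any per-user accounting. Consider sampling the capability once when the connection is created, storing the result in struct kdbus_conn, and testing that stored value on conn_src at this point. The comment above the function should also say that privileged senders are exempt from the quota.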
>
>
--
Andy Lutomirski
AMA Capital Management, LLC