[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <545A3588.2010903@zonque.org>
Date: Wed, 05 Nov 2014 15:34:48 +0100
From: Daniel Mack <daniel@...que.org>
To: Andy Lutomirski <luto@...capital.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: Linux API <linux-api@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
John Stultz <john.stultz@...aro.org>,
Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
Marcel Holtmann <marcel@...tmann.org>,
Ryan Lortie <desrt@...rt.ca>,
Bastien Nocera <hadess@...ess.net>,
David Herrmann <dh.herrmann@...il.com>,
Djalal Harouni <tixxdz@...ndz.org>,
simon.mcvittie@...labora.co.uk, alban.crequy@...labora.co.uk,
javier.martinez@...labora.co.uk, Tom Gundersen <teg@...m.no>
Subject: Re: [PATCH 00/12] Add kdbus implementation
On 10/29/2014 11:19 PM, Andy Lutomirski wrote:
> I think that each piece of trustable metadata needs to be explicitly
> opted-in to by the sender at the time of capture. Otherwise you're
> asking for lots of information leaks and privilege escalations. This
> is especially important given that some of the items in the current
> list could be rather sensitive.
Alright, the above seems to pretty much sum up that end of our
discussion. To address this, We've now added the following functionality
for v2:
* The attach_flags in kdbus_cmd_hello was split into two parts,
attach_flags_send and attach_flags_recv, so each peer may chose what
exactly it want to transmit or receive.
* Metadata will only be attached to the final message in the
receiver's pool if both the sender's attach_flags_send and the
receiver's attach_flags_recv bit are set.
* Consequently, the existing KDBUS_ITEM_ATTACH_FLAGS item type is
split into KDBUS_ITEM_ATTACH_FLAGS_SEND and
KDBUS_ITEM_ATTACH_FLAGS_RECV, so that both connection details can be
separately updated through KDBUS_CMD_CONN_UPDATE.
* To allow for use cases that require certain metadata to be attached
on each message, we've added a negotiation mechanism to the HELLO
ioctl: An optional metadata mask can be passed during the creation
of buses, so bus owners may require certain bits in
attach_flags_send to be set. That way, the creator of the bus will
specify which metadata is required to fulfill the requirements of
the specification of the role of the bus.
Thanks again for your input!
Daniel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists