lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <545A3588.2010903@zonque.org>
Date:	Wed, 05 Nov 2014 15:34:48 +0100
From:	Daniel Mack <daniel@...que.org>
To:	Andy Lutomirski <luto@...capital.net>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:	Linux API <linux-api@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	John Stultz <john.stultz@...aro.org>,
	Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
	Marcel Holtmann <marcel@...tmann.org>,
	Ryan Lortie <desrt@...rt.ca>,
	Bastien Nocera <hadess@...ess.net>,
	David Herrmann <dh.herrmann@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>,
	simon.mcvittie@...labora.co.uk, alban.crequy@...labora.co.uk,
	javier.martinez@...labora.co.uk, Tom Gundersen <teg@...m.no>
Subject: Re: [PATCH 00/12] Add kdbus implementation

On 10/29/2014 11:19 PM, Andy Lutomirski wrote:
> I think that each piece of trustable metadata needs to be explicitly
> opted-in to by the sender at the time of capture.  Otherwise you're
> asking for lots of information leaks and privilege escalations.  This
> is especially important given that some of the items in the current
> list could be rather sensitive.

Alright, the above seems to pretty much sum up that end of our
discussion. To address this, We've now added the following functionality
for v2:

 * The attach_flags in kdbus_cmd_hello was split into two parts,
   attach_flags_send and attach_flags_recv, so each peer may chose what
   exactly it want to transmit or receive.

 * Metadata will only be attached to the final message in the
   receiver's pool if both the sender's attach_flags_send and the
   receiver's attach_flags_recv bit are set.

 * Consequently, the existing KDBUS_ITEM_ATTACH_FLAGS item type is
   split into KDBUS_ITEM_ATTACH_FLAGS_SEND and
   KDBUS_ITEM_ATTACH_FLAGS_RECV, so that both connection details can be
   separately updated through KDBUS_CMD_CONN_UPDATE.

 * To allow for use cases that require certain metadata to be attached
   on each message, we've added a negotiation mechanism to the HELLO
   ioctl: An optional metadata mask can be passed during the creation
   of buses, so bus owners may require certain bits in
   attach_flags_send to be set. That way, the creator of the bus will
   specify which metadata is required to fulfill the requirements of
   the specification of the role of the bus.


Thanks again for your input!

Daniel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ