| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOviyagXOJE3JqYwd3hUNA+qL0cRVafDgma8FTvq9To9iBaYmQ@mail.gmail.com>
Date: Sun, 5 Nov 2017 20:11:20 +1100
From: Aleksa Sarai <cyphar@...har.com>
To: Greg KH <greg@...ah.com>
Cc: Aleksa Sarai <asarai@...e.de>,
"James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
containers@...ts.linux-foundation.org,
Valentin Rothberg <vrothberg@...e.com>, stable@...r.kernel.org,
"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface
I've booted it on a few of my laptops, and nothing seemed to break. Is
there a particular test-suite you'd recommend that I run?
On Sun, Nov 5, 2017 at 6:31 PM, Greg KH <greg@...ah.com> wrote:
> On Sun, Nov 05, 2017 at 01:56:35PM +1100, Aleksa Sarai wrote:
>> Previously, the only capability effectively required to operate on the
>> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files,
>> having an fsuid of GLOBAL_ROOT_UID was enough). This means that
>> semi-privileged processes could interfere with core components of a
>> system (such as causing a DoS by removing the underlying SCSI device of
>> the host's / mount).
>
> Given that the previous patch didn't even compile, I worry that you have
> not tested this at all to see what breaks/changes in userspace with this
> type of user-visable api change.
>
> What did you do to test this?
>
> thanks,
>
> greg k-h
--
Aleksa Sarai (cyphar)
www.cyphar.com
Powered by blists - more mailing lists