| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jul 2018 16:47:17 -0700
From: Todd Poynor <toddpoynor@...il.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Rob Springer <rspringer@...gle.com>,
John Joseph <jnjoseph@...gle.com>,
Ben Chan <benchan@...omium.org>,
Zhongze Hu <frankhu@...omium.org>,
Simon Que <sque@...omium.org>,
Dmitry Torokhov <dtor@...omium.org>,
Guenter Roeck <groeck@...omium.org>,
devel@...verdev.osuosl.org, lkml <linux-kernel@...r.kernel.org>,
Todd Poynor <toddpoynor@...gle.com>
Subject: Re: [PATCH 16/32] staging: gasket: always allow root open for write
On Thu, Jul 19, 2018 at 2:29 AM, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> On Tue, Jul 17, 2018 at 01:56:56PM -0700, Todd Poynor wrote:
>> From: Todd Poynor <toddpoynor@...gle.com>
>>
>> Always allow root to open device for writing.
>>
>> Drop special-casing of ioctl permissions for root vs. owner.
>>
>> Reported-by: Dmitry Torokhov <dtor@...omium.org>
>> Signed-off-by: Zhongze Hu <frankhu@...omium.org>
>> Signed-off-by: Todd Poynor <toddpoynor@...gle.com>
>> ---
>> drivers/staging/gasket/apex_driver.c | 9 +--------
>> drivers/staging/gasket/gasket_core.c | 8 +++++---
>> drivers/staging/gasket/gasket_ioctl.c | 19 ++++++++-----------
>> 3 files changed, 14 insertions(+), 22 deletions(-)
>>
>> diff --git a/drivers/staging/gasket/apex_driver.c b/drivers/staging/gasket/apex_driver.c
>> index 3a83c3d4d5561..612b3ab803196 100644
>> --- a/drivers/staging/gasket/apex_driver.c
>> +++ b/drivers/staging/gasket/apex_driver.c
>> @@ -629,14 +629,7 @@ static bool is_gcb_in_reset(struct gasket_dev *gasket_dev)
>> */
>> static uint apex_ioctl_check_permissions(struct file *filp, uint cmd)
>> {
>> - struct gasket_dev *gasket_dev = filp->private_data;
>> - int root = capable(CAP_SYS_ADMIN);
>> - int is_owner = gasket_dev->dev_info.ownership.is_owned &&
>> - current->tgid == gasket_dev->dev_info.ownership.owner;
>> -
>> - if (root || is_owner)
>> - return 1;
>> - return 0;
>> + return !!(filp->f_mode & FMODE_WRITE);
>
> Shouldn't this return a boolean instead of uint?
There's a patch farther down in the stack that does that, I wasn't
sure if I should collapse the two things together into a single patch,
will fold that patch into this one.
>
>> }
>>
>> /*
>> diff --git a/drivers/staging/gasket/gasket_core.c b/drivers/staging/gasket/gasket_core.c
>> index 0d5ba7359af73..947b4fcc76970 100644
>> --- a/drivers/staging/gasket/gasket_core.c
>> +++ b/drivers/staging/gasket/gasket_core.c
>> @@ -1085,6 +1085,7 @@ static int gasket_open(struct inode *inode, struct file *filp)
>> char task_name[TASK_COMM_LEN];
>> struct gasket_cdev_info *dev_info =
>> container_of(inode->i_cdev, struct gasket_cdev_info, cdev);
>> + int is_root = capable(CAP_SYS_ADMIN);
>>
>> gasket_dev = dev_info->gasket_dev_ptr;
>> driver_desc = gasket_dev->internal_desc->driver_desc;
>> @@ -1098,7 +1099,7 @@ static int gasket_open(struct inode *inode, struct file *filp)
>> "Attempting to open with tgid %u (%s) (f_mode: 0%03o, "
>> "fmode_write: %d is_root: %u)",
>> current->tgid, task_name, filp->f_mode,
>> - (filp->f_mode & FMODE_WRITE), capable(CAP_SYS_ADMIN));
>> + (filp->f_mode & FMODE_WRITE), is_root);
>>
>> /* Always allow non-writing accesses. */
>> if (!(filp->f_mode & FMODE_WRITE)) {
>> @@ -1112,8 +1113,9 @@ static int gasket_open(struct inode *inode, struct file *filp)
>> gasket_dev, "Current owner open count (owning tgid %u): %d.",
>> ownership->owner, ownership->write_open_count);
>>
>> - /* Opening a node owned by another TGID is an error (even root.) */
>> - if (ownership->is_owned && ownership->owner != current->tgid) {
>> + /* Opening a node owned by another TGID is an error (unless root) */
>> + if (ownership->is_owned && ownership->owner != current->tgid &&
>> + !is_root) {
>> gasket_log_error(
>> gasket_dev,
>> "Process %u is opening a node held by %u.",
>> diff --git a/drivers/staging/gasket/gasket_ioctl.c b/drivers/staging/gasket/gasket_ioctl.c
>> index 0c2f85cf54480..d0fa05b8bf1d3 100644
>> --- a/drivers/staging/gasket/gasket_ioctl.c
>> +++ b/drivers/staging/gasket/gasket_ioctl.c
>> @@ -171,7 +171,7 @@ long gasket_is_supported_ioctl(uint cmd)
>> */
>> static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd)
>> {
>
> Also return bool?
Will fix, I had meant to send a patch for this, will just do that here.
>
>> - uint alive, root, device_owner;
>> + uint alive;
>> fmode_t read, write;
>> struct gasket_dev *gasket_dev = (struct gasket_dev *)filp->private_data;
>>
>> @@ -183,33 +183,30 @@ static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd)
>> alive, gasket_dev->status);
>> }
>>
>> - root = capable(CAP_SYS_ADMIN);
>> - read = filp->f_mode & FMODE_READ;
>> - write = filp->f_mode & FMODE_WRITE;
>> - device_owner = (gasket_dev->dev_info.ownership.is_owned &&
>> - current->tgid == gasket_dev->dev_info.ownership.owner);
>> + read = !!(filp->f_mode & FMODE_READ);
>> + write = !!(filp->f_mode & FMODE_WRITE);
>
> These should be bool as well, right?
Right.
>
> I'll drop this patch, thanks.
>
> greg k-h
--
Todd
Powered by blists - more mailing lists