lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 19 Jul 2018 11:29:30 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Todd Poynor <toddpoynor@...il.com>
Cc:     Rob Springer <rspringer@...gle.com>,
        John Joseph <jnjoseph@...gle.com>,
        Ben Chan <benchan@...omium.org>,
        Zhongze Hu <frankhu@...omium.org>,
        Simon Que <sque@...omium.org>,
        Dmitry Torokhov <dtor@...omium.org>,
        Guenter Roeck <groeck@...omium.org>,
        devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
        Todd Poynor <toddpoynor@...gle.com>
Subject: Re: [PATCH 16/32] staging: gasket: always allow root open for write

On Tue, Jul 17, 2018 at 01:56:56PM -0700, Todd Poynor wrote:
> From: Todd Poynor <toddpoynor@...gle.com>
> 
> Always allow root to open device for writing.
> 
> Drop special-casing of ioctl permissions for root vs. owner.
> 
> Reported-by: Dmitry Torokhov <dtor@...omium.org>
> Signed-off-by: Zhongze Hu <frankhu@...omium.org>
> Signed-off-by: Todd Poynor <toddpoynor@...gle.com>
> ---
>  drivers/staging/gasket/apex_driver.c  |  9 +--------
>  drivers/staging/gasket/gasket_core.c  |  8 +++++---
>  drivers/staging/gasket/gasket_ioctl.c | 19 ++++++++-----------
>  3 files changed, 14 insertions(+), 22 deletions(-)
> 
> diff --git a/drivers/staging/gasket/apex_driver.c b/drivers/staging/gasket/apex_driver.c
> index 3a83c3d4d5561..612b3ab803196 100644
> --- a/drivers/staging/gasket/apex_driver.c
> +++ b/drivers/staging/gasket/apex_driver.c
> @@ -629,14 +629,7 @@ static bool is_gcb_in_reset(struct gasket_dev *gasket_dev)
>   */
>  static uint apex_ioctl_check_permissions(struct file *filp, uint cmd)
>  {
> -	struct gasket_dev *gasket_dev = filp->private_data;
> -	int root = capable(CAP_SYS_ADMIN);
> -	int is_owner = gasket_dev->dev_info.ownership.is_owned &&
> -		       current->tgid == gasket_dev->dev_info.ownership.owner;
> -
> -	if (root || is_owner)
> -		return 1;
> -	return 0;
> +	return !!(filp->f_mode & FMODE_WRITE);

Shouldn't this return a boolean instead of uint?

>  }
>  
>  /*
> diff --git a/drivers/staging/gasket/gasket_core.c b/drivers/staging/gasket/gasket_core.c
> index 0d5ba7359af73..947b4fcc76970 100644
> --- a/drivers/staging/gasket/gasket_core.c
> +++ b/drivers/staging/gasket/gasket_core.c
> @@ -1085,6 +1085,7 @@ static int gasket_open(struct inode *inode, struct file *filp)
>  	char task_name[TASK_COMM_LEN];
>  	struct gasket_cdev_info *dev_info =
>  	    container_of(inode->i_cdev, struct gasket_cdev_info, cdev);
> +	int is_root = capable(CAP_SYS_ADMIN);
>  
>  	gasket_dev = dev_info->gasket_dev_ptr;
>  	driver_desc = gasket_dev->internal_desc->driver_desc;
> @@ -1098,7 +1099,7 @@ static int gasket_open(struct inode *inode, struct file *filp)
>  		"Attempting to open with tgid %u (%s) (f_mode: 0%03o, "
>  		"fmode_write: %d is_root: %u)",
>  		current->tgid, task_name, filp->f_mode,
> -		(filp->f_mode & FMODE_WRITE), capable(CAP_SYS_ADMIN));
> +		(filp->f_mode & FMODE_WRITE), is_root);
>  
>  	/* Always allow non-writing accesses. */
>  	if (!(filp->f_mode & FMODE_WRITE)) {
> @@ -1112,8 +1113,9 @@ static int gasket_open(struct inode *inode, struct file *filp)
>  		gasket_dev, "Current owner open count (owning tgid %u): %d.",
>  		ownership->owner, ownership->write_open_count);
>  
> -	/* Opening a node owned by another TGID is an error (even root.) */
> -	if (ownership->is_owned && ownership->owner != current->tgid) {
> +	/* Opening a node owned by another TGID is an error (unless root) */
> +	if (ownership->is_owned && ownership->owner != current->tgid &&
> +	    !is_root) {
>  		gasket_log_error(
>  			gasket_dev,
>  			"Process %u is opening a node held by %u.",
> diff --git a/drivers/staging/gasket/gasket_ioctl.c b/drivers/staging/gasket/gasket_ioctl.c
> index 0c2f85cf54480..d0fa05b8bf1d3 100644
> --- a/drivers/staging/gasket/gasket_ioctl.c
> +++ b/drivers/staging/gasket/gasket_ioctl.c
> @@ -171,7 +171,7 @@ long gasket_is_supported_ioctl(uint cmd)
>   */
>  static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd)
>  {

Also return bool?

> -	uint alive, root, device_owner;
> +	uint alive;
>  	fmode_t read, write;
>  	struct gasket_dev *gasket_dev = (struct gasket_dev *)filp->private_data;
>  
> @@ -183,33 +183,30 @@ static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd)
>  			alive, gasket_dev->status);
>  	}
>  
> -	root = capable(CAP_SYS_ADMIN);
> -	read = filp->f_mode & FMODE_READ;
> -	write = filp->f_mode & FMODE_WRITE;
> -	device_owner = (gasket_dev->dev_info.ownership.is_owned &&
> -			current->tgid == gasket_dev->dev_info.ownership.owner);
> +	read = !!(filp->f_mode & FMODE_READ);
> +	write = !!(filp->f_mode & FMODE_WRITE);

These should be bool as well, right?

I'll drop this patch, thanks.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ