| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <nycvar.YFH.7.76.1811191425280.21108@cbobk.fhfr.pm>
Date: Mon, 19 Nov 2018 14:26:11 +0100 (CET)
From: Jiri Kosina <jikos@...nel.org>
To: David Herrmann <dh.herrmann@...il.com>
cc: ebiggers@...nel.org,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
"open list:HID CORE LAYER" <linux-input@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
syzkaller-bugs@...glegroups.com,
Dmitry Vyukov <dvyukov@...gle.com>,
Dmitry Torokhov <dtor@...gle.com>,
syzbot+72473edc9bf4eb1c6556@...kaller.appspotmail.com,
stable <stable@...r.kernel.org>, Jann Horn <jannh@...gle.com>,
Andy Lutomirski <luto@...nel.org>
Subject: Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or
elevated privileges
On Mon, 19 Nov 2018, David Herrmann wrote:
> > Thanks for the patch. I however believe the fix below is more generic, and
> > would prefer taking that one in case noone sees any major flaw in that
> > I've overlooked. Thanks.
>
> As Andy rightly pointed out, the credentials check is actually needed.
> The scenario here is using a uhid-fd as stdout when executing a
> setuid-program. This will possibly end up reading arbitrary memory
> from the setuid program and use it as input for the hid-descriptor.
Ah, right, that's a very good point indeed; I've overlooked that (valid)
concern in the thread. Thanks for spotting that, Andy.
I've now applied Eric's patch. Thanks everybody,
--
Jiri Kosina
SUSE Labs
Powered by blists - more mailing lists