| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af960e70-7373-51f2-3ff3-f23335f94aa1@grimberg.me>
Date: Thu, 25 Jul 2019 12:43:27 -0700
From: Sagi Grimberg <sagi@...mberg.me>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Logan Gunthorpe <logang@...tatee.com>,
linux-kernel@...r.kernel.org, linux-nvme@...ts.infradead.org,
linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Christoph Hellwig <hch@....de>,
Keith Busch <kbusch@...nel.org>, Jens Axboe <axboe@...com>,
Chaitanya Kulkarni <Chaitanya.Kulkarni@....com>,
Max Gurtovoy <maxg@...lanox.com>,
Stephen Bates <sbates@...thlin.com>,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH v6 02/16] chardev: introduce cdev_get_by_path()
>> So, as was kind of alluded to in another part of the thread, what are
>> you doing about permissions? It seems that any user/group permissions
>> are out the window when you have the kernel itself do the opening of the
>> char device, right? Why is that ok? You can pass it _any_ character
>> device node and away it goes? What if you give it a "wrong" one? Char
>> devices are very different from block devices this way.
>
> We could condition any configfs operation on capable(CAP_NET_ADMIN) to
> close that hole for now..
s/NET/SYS/...
Powered by blists - more mailing lists