| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <89fb0e7e-eccd-5db5-00c1-d0b90c85270f@grimberg.me>
Date: Thu, 25 Jul 2019 12:45:15 -0700
From: Sagi Grimberg <sagi@...mberg.me>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Logan Gunthorpe <logang@...tatee.com>,
linux-kernel@...r.kernel.org, linux-nvme@...ts.infradead.org,
linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Christoph Hellwig <hch@....de>,
Keith Busch <kbusch@...nel.org>, Jens Axboe <axboe@...com>,
Chaitanya Kulkarni <Chaitanya.Kulkarni@....com>,
Max Gurtovoy <maxg@...lanox.com>,
Stephen Bates <sbates@...thlin.com>,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH v6 02/16] chardev: introduce cdev_get_by_path()
>>> So, as was kind of alluded to in another part of the thread, what are
>>> you doing about permissions? It seems that any user/group permissions
>>> are out the window when you have the kernel itself do the opening of the
>>> char device, right? Why is that ok? You can pass it _any_ character
>>> device node and away it goes? What if you give it a "wrong" one? Char
>>> devices are very different from block devices this way.
>>
>> We could condition any configfs operation on capable(CAP_NET_ADMIN) to
>> close that hole for now..
>
> Why that specific permission?
Meant CAP_SYS_ADMIN
> And what about the "pass any random char device name" issue? What
> happens if you pass /dev/random/ as the string?
What is the difference if the application is opening the device if
it has the wrong path?
Powered by blists - more mailing lists