lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 7 Jan 2020 18:02:09 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     syzkaller <syzkaller@...glegroups.com>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        syzbot <syzbot+f4f1e871965064ae689e@...kaller.appspotmail.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        asierra@...-inc.com, ext-kimmo.rautkoski@...sala.com,
        Jiri Slaby <jslaby@...e.com>,
        kai heng feng <kai.heng.feng@...onical.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-serial <linux-serial@...r.kernel.org>,
        mika.westerberg@...ux.intel.com, o.barta89@...il.com,
        paulburton@...nel.org, sr@...x.de,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        yegorslists@...glemail.com
Subject: Re: BUG: unable to handle kernel NULL pointer dereference in mem_serial_out

On Tue, Dec 17, 2019 at 11:48 AM Dmitry Vyukov <dvyukov@...gle.com> wrote:
>
> On Fri, Dec 13, 2019 at 10:48 PM Greg KH <gregkh@...uxfoundation.org> wrote:
> >
> > On Fri, Dec 13, 2019 at 11:39:54AM +0100, Dmitry Vyukov wrote:
> > > On Fri, Dec 13, 2019 at 11:10 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > > > > > > You set up a dubious memory base for your uart and then get upset when
> > > > > > > > you write to that location.
> > > > > > > >
> > > > > > > > I don't know what to really do about this, this is a root-only operation
> > > > > > > > and you are expected to know what you are doing when you attempt this.
> > > > > > >
> > > > > > > Hi Greg,
> > > > > > >
> > > > > > > Thanks for looking into this!
> > > > > > > Should we restrict the fuzzer from accessing /dev/ttyS* entirely?
> > > > > >
> > > > > > No, not at all.
> > > > > >
> > > > > > > Or only restrict TIOCSSERIAL on them? Something else?
> > > > > >
> > > > > > Try running not as root.  if you have CAP_SYS_ADMIN you can do a lot of
> > > > > > pretty bad things with tty ports, as you see here.  There's a reason the
> > > > > > LOCKDOWN_TIOCSSERIAL "security lockdown" check was added :)
> > > > > >
> > > > > > The TIOCSSERIAL ioctl is a nice one for a lot of things that are able to
> > > > > > be done as a normal user (baud rate changes, etc.), but there are also
> > > > > > things like setting io port memory locations that can cause random
> > > > > > hardware accesses and kernel crashes, as you instantly found out here :)
> > > > > >
> > > > > > So restrict the fuzzer to only run as a "normal" user of the serial
> > > > > > port, and if you find problems there, I'll be glad to look at them.
> > > > >
> > > > > Easier said than done. "normal user of the serial port" is not really
> > > > > a thing in Linux, right? You either have CAP_SYS_ADMIN or not, that's
> > > > > not per-device...
> > > >
> > > > Not true, there's lots of users of serial port devices that do not have
> > > > CAP_SYS_ADMIN set.  That's why we have groups :)
> > > >
> > > > You can change the baud rate of your usb-serial device without root
> > > > permissions, right?  That's a "normal" user right there.
> > >
> > > Yes, but this requires dropping CAP_SYS_ADMIN. And one can't drop
> > > CAP_SYS_ADMIN only for ttyS. If it would be a separate capability, we
> > > could drop just that, but not CAP_SYS_ADMIN.
> >
> > Ok, I think we are talking past each other here.  I am saying that it is
> > fine to talk to a serial port without CAP_SYS_ADMIN.  That should be
> > "safe" and not cause bad things to happen.
> >
> > But if you do have CAP_SYS_ADMIN, you can do a lot more "bad" things
> > with a serial port (like setting memory addresses).
> >
> > Your tool always has this capability, which is fine, but does not mean
> > that serial port accesses by everyone has to have that capability, which
> > is what I thought you were saying.
>
> I mean that I don't see a realistic way to apply your "Try running not
> as root" suggestion.
> We can drop root, but that will dramatic effect on lots of other
> things that has nothing to do with serial console.

I've disabled testing of TIOCSSERIAL in syzkaller:
https://github.com/google/syzkaller/commit/af9047c60a3db32d5e43c29321f8f531db051a63

#syz invalid

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ