lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 25 Jan 2020 11:48:51 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:     Michael Ellerman <mpe@...erman.id.au>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, linux-kernel@...r.kernel.org,
        security@...nel.org, ivansprundel@...ctive.com, vishal@...lsio.com
Subject: Re: [PATCH] net: cxgb3_main: Add CAP_NET_ADMIN check to
 CHELSIO_GET_MEM

Hello!

On 24.01.2020 12:41, Michael Ellerman wrote:

> The cxgb3 driver for "Chelsio T3-based gigabit and 10Gb Ethernet
> adapters" implements a custom ioctl as SIOCCHIOCTL/SIOCDEVPRIVATE in
> cxgb_extension_ioctl().
> 
> One of the subcommands of the ioctl is CHELSIO_GET_MEM, which appears
> to read memory directly out of the adapter and return it to userspace.
> It's not entirely clear what the contents of the adapter memory
> contains, but the assumption is that it shouldn't be accessible to all

    s/contains/is/? Else it sounds tautological. :-)

> users.
> 
> So add a CAP_NET_ADMIN check to the CHELSIO_GET_MEM case. Put it after
> the is_offload() check, which matches two of the other subcommands in
> the same function which also check for is_offload() and CAP_NET_ADMIN.
> 
> Found by Ilja by code inspection, not tested as I don't have the
> required hardware.
> 
> Reported-by: Ilja Van Sprundel <ivansprundel@...ctive.com>
> Signed-off-by: Michael Ellerman <mpe@...erman.id.au>
[...]

MBR, Sergei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ