lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87lfprhq87.fsf@mpe.ellerman.id.au>
Date:   Tue, 28 Jan 2020 20:42:16 +1100
From:   Michael Ellerman <mpe@...erman.id.au>
To:     Sergei Shtylyov <sergei.shtylyov@...entembedded.com>,
        netdev@...r.kernel.org
Cc:     davem@...emloft.net, linux-kernel@...r.kernel.org,
        security@...nel.org, ivansprundel@...ctive.com, vishal@...lsio.com
Subject: Re: [PATCH] net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM

Sergei Shtylyov <sergei.shtylyov@...entembedded.com> writes:
> Hello!
>
> On 24.01.2020 12:41, Michael Ellerman wrote:
>
>> The cxgb3 driver for "Chelsio T3-based gigabit and 10Gb Ethernet
>> adapters" implements a custom ioctl as SIOCCHIOCTL/SIOCDEVPRIVATE in
>> cxgb_extension_ioctl().
>> 
>> One of the subcommands of the ioctl is CHELSIO_GET_MEM, which appears
>> to read memory directly out of the adapter and return it to userspace.
>> It's not entirely clear what the contents of the adapter memory
>> contains, but the assumption is that it shouldn't be accessible to all
>
>     s/contains/is/? Else it sounds tautological. :-)

Yeah you're right that would have been clearer.

Dave beat me to it and has already applied it, but thanks for reviewing
it anyway.

cheers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ