| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jun 2021 12:23:19 +0000
From: Niklas Cassel <Niklas.Cassel@....com>
To: Jens Axboe <axboe@...nel.dk>, Shaun Tancheff <shaun@...cheff.com>,
Hannes Reinecke <hare@...e.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Damien Le Moal <Damien.LeMoal@....com>
CC: Damien Le Moal <Damien.LeMoal@....com>,
Niklas Cassel <Niklas.Cassel@....com>,
Jens Axboe <axboe@...com>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [PATCH v3 0/2] allow blk-zoned ioctls without CAP_SYS_ADMIN
From: Niklas Cassel <niklas.cassel@....com>
Allow the following blk-zoned ioctls: BLKREPORTZONE, BLKRESETZONE,
BLKOPENZONE, BLKCLOSEZONE, and BLKFINISHZONE to be performed without
CAP_SYS_ADMIN.
Neither read() nor write() requires CAP_SYS_ADMIN, and considering
the close relationship between read()/write() and these ioctls, there
is no reason to require CAP_SYS_ADMIN for these ioctls either.
Changes since v2:
-Drop the FMODE_READ check from patch 2/2.
Right now it is possible to open() the device with O_WRONLY
and get the zone report from that fd. Therefore adding a
FMODE_READ check on BLKREPORTZONE would break existing applications.
Instead, just remove the existing CAP_SYS_ADMIN check.
Niklas Cassel (2):
blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
block/blk-zoned.c | 6 ------
1 file changed, 6 deletions(-)
--
2.31.1
Powered by blists - more mailing lists