| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jun 2021 14:49:56 +0000
From: Adam Manzanares <a.manzanares@...sung.com>
To: Niklas Cassel <Niklas.Cassel@....com>
CC: Jens Axboe <axboe@...nel.dk>, Hannes Reinecke <hare@...e.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Damien Le Moal <Damien.LeMoal@....com>,
Shaun Tancheff <shaun@...cheff.com>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Jens Axboe <axboe@...com>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 2/2] blk-zoned: allow BLKREPORTZONE without
CAP_SYS_ADMIN
On Mon, Jun 14, 2021 at 12:23:21PM +0000, Niklas Cassel wrote:
> From: Niklas Cassel <niklas.cassel@....com>
>
> A user space process should not need the CAP_SYS_ADMIN capability set
> in order to perform a BLKREPORTZONE ioctl.
>
> Getting the zone report is required in order to get the write pointer.
> Neither read() nor write() requires CAP_SYS_ADMIN, so it is reasonable
> that a user space process that can read/write from/to the device, also
> can get the write pointer. (Since e.g. writes have to be at the write
> pointer.)
>
> Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls")
> Signed-off-by: Niklas Cassel <niklas.cassel@....com>
> Cc: stable@...r.kernel.org # v4.10+
> ---
> Changes since v2:
> -Drop the FMODE_READ check. Right now it is possible to open() the device with
> O_WRONLY and get the zone report from that fd. Therefore adding a FMODE_READ
> check on BLKREPORTZONE would break existing applications. Instead, just remove
> the existing CAP_SYS_ADMIN check.
>
> block/blk-zoned.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/block/blk-zoned.c b/block/blk-zoned.c
> index 0789e6e9f7db..457eceabed2e 100644
> --- a/block/blk-zoned.c
> +++ b/block/blk-zoned.c
> @@ -288,9 +288,6 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode,
> if (!blk_queue_is_zoned(q))
> return -ENOTTY;
>
> - if (!capable(CAP_SYS_ADMIN))
> - return -EACCES;
> -
> if (copy_from_user(&rep, argp, sizeof(struct blk_zone_report)))
> return -EFAULT;
>
> --
> 2.31.1
LGTM
Reviewed-by: Adam Manzanares <a.manzanares@...sung.com>
Powered by blists - more mailing lists