Message-ID: <cca5b463-a860-de8d-b7e4-a8d30aef2ff2@gmail.com>
Date: Fri, 15 Jul 2022 21:38:35 +0200
From: Zdenek Kabelac <zdenek.kabelac@...il.com>
To: Mikulas Patocka <mpatocka@...hat.com>,
Daniil Lunev <dlunev@...omium.org>
Cc: dm-devel@...hat.com, Mike Snitzer <snitzer@...nel.org>,
Brian Geffon <bgeffon@...gle.com>,
Alasdair Kergon <agk@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open
On 15 Jul 2022 at 11:36, Mikulas Patocka wrote:
>
> On Fri, 15 Jul 2022, Daniil Lunev wrote:
>
>> Hi Mike,
>> Thank you for your response. I should have probably added more context
>> to the commit message that I specified in the cover letter. The idea is to
>> prohibit access of all userspace, including the root. The main concern here
>> is potential system applications' vulnerabilities that can trick the system to
>> operate on non-intended files with elevated permissions. While those could
>> also be exploited to get more access to the regular file systems, those firstly
>> have to be usable by userspace for normal system operation (e.g. to store
>> user data), and secondly, never contain plain-text secrets. Swap content is a
>> different story - access to it can leak very sensitive information, which
>> otherwise is never available as plaintext on any persistent media - e.g. raw
>> user secrets, raw disk encryption keys, etc., and other security-related tokens.
>> Thus we propose a mechanism to enable such a lockdown after necessary
>> configuration has been done to the device at boot time.
>> --Daniil
> If someone gains root, he can do anything on the system.
>
> I'm quite skeptical about these attempts; protecting the system from the
> root user is a never-ending whack-a-mole game.
It's in fact a 'design feature' of the whole DM that root can always open any
device in the device stack (although it causes some troubles to, i.e., some lvm2 logic);
such a feature is useful, i.e., for debugging device problems. There was never an
intention to prohibit the root user from 'seeing' all stacked devices.
Regards
Zdenek