| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAONX=-ft=ewFDui4jmd2fvcNr2EJc90=ZNOueDdp6HaPZmvObQ@mail.gmail.com>
Date: Wed, 3 Aug 2022 14:12:26 +1000
From: Daniil Lunev <dlunev@...omium.org>
To: Zdenek Kabelac <zdenek.kabelac@...il.com>
Cc: Mikulas Patocka <mpatocka@...hat.com>, dm-devel@...hat.com,
Mike Snitzer <snitzer@...nel.org>,
Brian Geffon <bgeffon@...gle.com>,
Alasdair Kergon <agk@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open
Hello all
To signal boost here. What can we do to advance the discussion on this
topic? Can we move forward with the approach or are there any
alternative suggestions how the desired behaviour can be achieved?
Thanks,
--Daniil
On Tue, Jul 19, 2022 at 9:42 AM Daniil Lunev <dlunev@...omium.org> wrote:
>
> We understand that if someone acquires root it is a game over. The intent of
> this mechanism is to reduce the attack surface. The exposure might be a
> certain system daemon that is exploited into accessing a wrong node in
> the filesystem. And exposing modifiable system memory is a pathway for
> further escalation and leaks of secrets. This is a defense in depth mechanism,
> that is intended to make attackers' lives harder even if they find an
> exploitable
> vulnerability.
> We understand that in regular situations people may not want the behaviour,
> that is why the mechanism is controlled via a side channel - if a message is
> never sent - the behaviour is not altered.
> --Daniil
Powered by blists - more mailing lists