lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87msegixqr.ffs@tglx>
Date: Thu, 20 Feb 2025 13:53:00 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: Wojtek Wasko <wwasko@...dia.com>, "netdev@...r.kernel.org"
 <netdev@...r.kernel.org>
Cc: "richardcochran@...il.com" <richardcochran@...il.com>,
 "vadim.fedorenko@...ux.dev" <vadim.fedorenko@...ux.dev>, "kuba@...nel.org"
 <kuba@...nel.org>, "horms@...nel.org" <horms@...nel.org>,
 "anna-maria@...utronix.de" <anna-maria@...utronix.de>,
 "frederic@...nel.org" <frederic@...nel.org>, "pabeni@...hat.com"
 <pabeni@...hat.com>
Subject: RE: [PATCH net-next v3 2/3] ptp: Add file permission checks on PHCs

On Wed, Feb 19 2025 at 09:45, Wojtek Wasko wrote:
> On Mon, Feb 17 2025 at 21:24, Thomas Gleixner wrote:
>> > One limitation
>> > remains: querying the adjusted frequency of a PTP device (using
>> > adjtime() with an empty modes field) is not supported for chardevs
>> > opened without WRITE permissions, as the POSIX layer mandates WRITE
>> > access for any adjtime operation.
>> 
>> That's a fixable problem, no?
>
> Absolutely, but to be honest I wasn't sure about how to properly change
> the access check in adjtime given it's a "generic" API. I ended up with
> something along the lines of:
>
>    if (tx->modes & ~(ADJ_NANO | ADJ_MICRO))
>      /* require WRITE */
>
> being that ADJ_NANO and ADJ_MICRO by themselves don't mean the clock will
> be modified. So the modes field is not really "empty" per se and the check
> becomes less self-explanatory.

ADJ_NANO and ADJ_MICRO modify the internal status. A read only operation
has to have tx->modes == 0 and the result will be served in the
NANO/MICRO representation which was set by the control application which
can write.

adjtimex(2) is clearly saying:

 "The modes field determines which parameters, if any, to set."

Consequently modes != 0 requires CAP_SYS_TIME, while modes == 0 is
unpriviledged. So requiring WRITE for the FD based posix clocks is not
asked too much.

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ