Re: [PATCH v3] vfs: new O_NODE open flag

From: Alan Cox
Date: Wed Dec 02 2009 - 14:14:41 EST

Next message: Vivek Goyal: "Re: Block IO Controller V4"
Previous message: Jan Kara: "Re: writev data loss bug in (at least) 2.6.31 and 2.6.32pre8 x86-64"
In reply to: Miklos Szeredi: "[PATCH v3] vfs: new O_NODE open flag"
Next in thread: Miklos Szeredi: "Re: [PATCH v3] vfs: new O_NODE open flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 1) There's a security hole with dynamicly allocated devices if
> permissions on new device are difference than on old device.
>
> The issue is valid, but also exists if hard links are created to
> device nodes. udev already defends against this by setting
> permissions on device to zero before unlinking it.

udev defends against it with the specific knowledge that any existing
open means the device is open and cannot be unloaded. The combination is
required (and some other happenstance properties).

For O_NODE you must implement revoke() as well and get it into tools like
udev before you are safe. I appreciate "you need revoke" is a bit like
saying "there is one small problem, you just need to reimplement a major
subsystem while you are at it", but from a security perspective I don't
see any other way to make O_NODE safe in this situation.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vivek Goyal: "Re: Block IO Controller V4"
Previous message: Jan Kara: "Re: writev data loss bug in (at least) 2.6.31 and 2.6.32pre8 x86-64"
In reply to: Miklos Szeredi: "[PATCH v3] vfs: new O_NODE open flag"
Next in thread: Miklos Szeredi: "Re: [PATCH v3] vfs: new O_NODE open flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]