Re: Bugs involving maliciously crafted file system

From: Matthew Garrett
Date: Wed May 30 2018 - 16:52:04 EST

Next message: Janusz Krzysztofik: "Re: linux-next: manual merge of the regulator tree with the arm-soc tree"
Previous message: David Rientjes: "Re: [patch] mm, hugetlb_cgroup: suppress SIGBUS when hugetlb_cgroup charge fails"
In reply to: Eric W. Biederman: "Re: Bugs involving maliciously crafted file system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 30, 2018 at 1:42 PM Dave Chinner <david@xxxxxxxxxxxxx> wrote:
> We've learnt this lesson the hard way over and over again: don't
> parse untrusted input in privileged contexts. How many times do we
> have to make the same mistakes before people start to learn from
> them?

You're not wrong, but we haven't considered root to be fundamentally
trustworthy for years - there are multiple kernel features that can be
configured such that root is no longer able to do certain things (the
one-way trap for requiring module signatures is the most obvious, but
IMA in appraisal mode will also restrict root), and as a result it's
not reasonable to be worried only about users - it's also necessary to
prevent root form being able to deliberately mount a filesystem that
results in arbitrary code execution in the kernel.

Next message: Janusz Krzysztofik: "Re: linux-next: manual merge of the regulator tree with the arm-soc tree"
Previous message: David Rientjes: "Re: [patch] mm, hugetlb_cgroup: suppress SIGBUS when hugetlb_cgroup charge fails"
In reply to: Eric W. Biederman: "Re: Bugs involving maliciously crafted file system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]