2017-11-05 04:03:13

by Aleksa Sarai

[permalink] [raw]
Subject: Re: [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface

On 11/05/2017 01:56 PM, Aleksa Sarai wrote:
> Previously, the only capability effectively required to operate on the
> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files,
> having an fsuid of GLOBAL_ROOT_UID was enough). This means that
> semi-privileged processes could interfere with core components of a
> system (such as causing a DoS by removing the underlying SCSI device of
> the host's / mount).

An alternative to this patch would be to make the open(2) call fail, if
you try to open it write-only or read-write. Not sure which would be
preferred (should it be possible to pass /proc/scsi/scsi to a
semi-privileged process to write to?).

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/

From 1583193190987872787@xxx Sun Nov 05 02:58:04 +0000 2017
X-GM-THRID: 1583193190987872787
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread