Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753238AbbEKU44 (ORCPT ); Mon, 11 May 2015 16:56:56 -0400 Received: from terminus.zytor.com ([198.137.202.10]:39599 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751853AbbEKU4y (ORCPT ); Mon, 11 May 2015 16:56:54 -0400 Message-ID: <55511782.30303@zytor.com> Date: Mon, 11 May 2015 13:56:34 -0700 From: "H. Peter Anvin" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Alex Henrie , Kees Cook , Doug Johnson , Thomas Gleixner , Ingo Molnar , Tyler Hicks , Al Viro , linux-kernel@vger.kernel.org Subject: Re: Fwd: ioperm is preserved across fork and execve, but iopl is not References: In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1004 Lines: 24 On 05/11/2015 01:49 PM, Alex Henrie wrote: > > The ioperm and iopl calls are both used to grant a process permission > to access I/O devices directly. iopl(3) is equivalent to ioperm(0, > 0xFFFF, 1). However, permissions granted through ioperm are preserved > across fork and execve, and permissions granted through iopl are not. > This makes no sense: The two calls do the same thing, so there is no > security benefit to dropping one on fork or execve but not the other. > They don't, in fact. An iopl(3) process is allowed to disable interrupts in user space, which an ioperm() process is not. This is a HUGE deal. This really makes me wonder if iopl(3) should be allowed at all, or if we should just intercept it and treat it as ioperm(). -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/