Subject: Re: [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface
From: Aleksa Sarai
Date: Sun, 5 Nov 2017 15:02:10 +1100
To: "James E.J. Bottomley", "Martin K. Petersen"
Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, Valentin Rothberg, cyphar@cyphar.com, stable@vger.kernel.org, "Eric W. Biederman"
In-Reply-To: <20171105025635.10843-1-asarai@suse.de>

On 11/05/2017 01:56 PM, Aleksa Sarai wrote:
> Previously, the only capability effectively required to operate on the
> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files,
> having an fsuid of GLOBAL_ROOT_UID was enough). This means that
> semi-privileged processes could interfere with core components of a
> system (such as causing a DoS by removing the underlying SCSI device of
> the host's / mount).

An alternative to this patch would be to make the open(2) call fail, if
you try to open it write-only or read-write. Not sure which would be
preferred (should it be possible to pass /proc/scsi/scsi to a
semi-privileged process to write to?).

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/