Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio

[Chris Wright]

* Linus Torvalds (torvalds@xxxxxxxx) wrote:
> Here's a totally untested patch. It's guaranteed not to do the "right 
> thing", simply because it doesn't _use_ the uid/euid information. But it's 
> in the right kind of direction.
> 
> If you change the "kill_proc_info()" into a "kill_proc_info_as_uid()" 
> call, and add that to kernel/signal.c (which is basically kill_proc_info() 
> except it uses the passed-in uid/euid for the "check_kill_permission()" 
> tests instead), it should be correct.
> 
> As-is, it won't work, because it will use a _random_ uid (whatever is the 
> currently running process) for the kill permission. So this really is just 
> a "use this as a template" kind of patch, DO NOT APPLY!

Sorry, I missed the thread up to this, but this looks fundamentally
broken.  The kill_proc_info_as_uid() idea is not sufficient because more
than uid/euid are needed for permission check.  There's capabilities and
security labels.  Is there a reason not to do normal async here?

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/