Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL

From: Matthew Garrett
Date: Wed Mar 20 2013 - 09:17:20 EST

Next message: Axel Lin: "Re: [PATCH] BUG: pinmux: release only taken pins on error"
Previous message: Felipe Balbi: "Re: [PATCH 0/5] usb: musb/otg: cleanup and fixes"
In reply to: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Next in thread: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2013-03-19 at 18:02 -0700, H. Peter Anvin wrote:

> Looking at it in detail, EVERYTHING in CAP_SYS_RAWIO has the possibility
> of compromising the kernel, because they let device drivers be bypassed,
> which means arbitrary DMA, which means you have everything.

Having checked again, I don't think this is true. The most obvious case
is libata, which uses CAP_SYS_RAWIO to limit the ability to send raw ATA
commands. Being able to do so clearly permits userspace to avoid any
kind of policy the vfs has put in place, but there's no obvious way for
the user to modify the running kernel. Are you suggesting that removing
the CAP_SYS_RAWIO check there would be reasonable?

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
N‹§²æìr¸›yúèšØb²X¬¶ÇvØ^–)Þ{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü}©ž²ÆzÚ&j:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹®w¥¢¸?™¨èÚ&¢)ßf”ù^jÇy§m…á@A«a¶Úÿ0¶ìh®å’i

Next message: Axel Lin: "Re: [PATCH] BUG: pinmux: release only taken pins on error"
Previous message: Felipe Balbi: "Re: [PATCH 0/5] usb: musb/otg: cleanup and fixes"
In reply to: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Next in thread: H. Peter Anvin: "Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]