Re: [PATCH 0/6] File Sealing & memfd_create()

From: Florian Weimer
Date: Tue Apr 08 2014 - 09:27:01 EST

Next message: P J P: "Re: [PATCH] initramfs: remove "compression mode" choice"
Previous message: Dan Carpenter: "Re: [PATCH v5 3/3] memstick: Add realtek USB memstick host driver"
Next in thread: David Herrmann: "Re: [PATCH 0/6] File Sealing & memfd_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/19/2014 08:06 PM, David Herrmann wrote:

Unlike existing techniques that provide similar protection, sealing allows
file-sharing without any trust-relationship. This is enforced by rejecting seal
modifications if you don't own an exclusive reference to the given file. So if
you own a file-descriptor, you can be sure that no-one besides you can modify
the seals on the given file. This allows mapping shared files from untrusted
parties without the fear of the file getting truncated or modified by an
attacker.

How do you keep these promises on network and FUSE file systems? Surely there is still some trust involved for such descriptors?

What happens if you create a loop device on a sealed descriptor?

Why does memfd_create not create a file backed by a memory region in the current process? Wouldn't this be a far more generic primitive? Creating aliases of memory regions would be interesting for many things (not just libffi bypassing SELinux-enforced NX restrictions :-).

--
Florian Weimer / Red Hat Product Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: P J P: "Re: [PATCH] initramfs: remove "compression mode" choice"
Previous message: Dan Carpenter: "Re: [PATCH v5 3/3] memstick: Add realtek USB memstick host driver"
Next in thread: David Herrmann: "Re: [PATCH 0/6] File Sealing & memfd_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]