Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open

From: Daniil Lunev
Date: Wed Aug 03 2022 - 00:12:44 EST

Next message: kernel test robot: "[tobetter:odroid-5.19.y 51/99] drivers/gpu/drm/drm_mipi_dbi.c:77:17: warning: unused variable 'mipi_dbi_dcs_read_commands'"
Previous message: Eric Biggers: "Re: [PATCH v3] kernel/watch_queue: Make pipe NULL while clearing watch_queue"
Next in thread: Eric Biggers: "Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all
To signal boost here. What can we do to advance the discussion on this
topic? Can we move forward with the approach or are there any
alternative suggestions how the desired behaviour can be achieved?
Thanks,
--Daniil

On Tue, Jul 19, 2022 at 9:42 AM Daniil Lunev <dlunev@xxxxxxxxxxxx> wrote:
>
> We understand that if someone acquires root it is a game over. The intent of
> this mechanism is to reduce the attack surface. The exposure might be a
> certain system daemon that is exploited into accessing a wrong node in
> the filesystem. And exposing modifiable system memory is a pathway for
> further escalation and leaks of secrets. This is a defense in depth mechanism,
> that is intended to make attackers' lives harder even if they find an
> exploitable
> vulnerability.
> We understand that in regular situations people may not want the behaviour,
> that is why the mechanism is controlled via a side channel - if a message is
> never sent - the behaviour is not altered.
> --Daniil

Next message: kernel test robot: "[tobetter:odroid-5.19.y 51/99] drivers/gpu/drm/drm_mipi_dbi.c:77:17: warning: unused variable 'mipi_dbi_dcs_read_commands'"
Previous message: Eric Biggers: "Re: [PATCH v3] kernel/watch_queue: Make pipe NULL while clearing watch_queue"
Next in thread: Eric Biggers: "Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]