Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open

From: Eric Biggers
Date: Wed Aug 03 2022 - 17:50:16 EST


On Thu, Aug 04, 2022 at 06:44:53AM +1000, Daniil Lunev wrote:
> > Have you also considered unlinking the device node (/dev/dm-$idx) from the
> > filesystem after it has been set up for swap?
> Yes, the node can be re-linked with mknod, thus it is not a suitable solution.

I thought you were trying to defend against path traversal attacks, not
arbitrary code execution? If your threat model includes arbitrary code
execution by root, you really need to be using SELinux.

- Eric