[prev in list] [next in list] [prev in thread] [next in thread]
List: linux1394-devel
Subject: Re: RFC: raw1394 security sandbox patch
From: Stefan Richter <stefanr () s5r6 ! in-berlin ! de>
Date: 2006-09-27 17:05:30
Message-ID: 451AAF5A.50303 () s5r6 ! in-berlin ! de
[Download RAW message or body]
Dan Dennedy wrote:
> On Tuesday 26 September 2006 01:36, Stefan Richter wrote:
>> What if we deny async read/write/lock access by default but enable it
>> (for address ranges or totally) if a device was bound to the raw1394
>> driver?
...
> However, I do not see a way
> to directly use raw1394_id_table without iterating over devices to find the
> one matching by nodeid. I am still invoking driver_find_device()
...
I had a brief look if there could be a useful lookup function exported
from nodemgr but wasn't satisfied with what I found on first take.
Still, this will involve iterations over lists anyway.
>> Of course this would make unprivileged access impossible until nodemgr
>> finished rescanning the node after each bus reset, or with
>> ieee1394.disable_nodemgr=1.
>
> The only problem I forsee is the timing between nodemgr and protocol libs on
> bus reset. The libs are not doing anything on reset, but the apps using the
> libs could be using the libs immediately. As long as raw1394 returns EAGAIN
> during reset pending nodemgr completion, libavc1394, librom1394, libice61883,
> and libdc1394 will act appropriately. I know raw1394 does not check
> in_bus_reset, but lower levels do. So, I am not yet sure if EAGAIN will be
> issued in that situation.
We actually have to check for hpsb_node_entry_valid(). Only this tells
us if a node's identity was confirmed by nodemgr after a bus reset.
So it all comes with costs. Therefore a security-wise weaker but simpler
to code static check shouldn't be ruled out yet. I will probably need a
few days until I can check the SBP-2 target agents' address spaces
around here.
--
Stefan Richter
-=====-=-==- =--= ==-==
http://arcgraph.de/sr/
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
mailing list linux1394-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux1394-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic