On 31.1.2019 at 13:26, Mark Brown wrote:
> On Thu, Jan 31, 2019 at 09:08:04AM +0100, Takashi Iwai wrote:
>> Mark Brown wrote:
>
>>> anything O_APPEND based. My understanding is that this is fundamentally
>>> a risk mitigation thing - by not having any of the sound kernel
>>> interfaces available to the applications affected there's no possibility
>>> that any problems in the sound code can cause security issues.
>
>> The patch 2 implements exactly that kind of access restriction, so
>> that the passed fd won't do anything else than wished.
>
> Yeah.
>
>> If we want to be super-conservative, the implementation could be even
>> simpler -- instead of filtering, we may pass a minimum fd ops that
>> contains only mmap and release for the anon-dup fd...
>
> I think that'd definitely help address the concerns.

A possible implementation:

http://git.alsa-project.org/?p=alsa-kernel.git;a=commitdiff;h=ca15bc69a984cc0eae2c43d0a49c66a20c937f39

Jaroslav

--
Jaroslav Kysela <perex@xxxxxxxx>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.