Re: [PATCH 5/8] dm/connector: Only process connector packages from privileged processes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch (and " [PATCH 3/8] connector/dm: Fixed a compilation warning") will likely collide with an earlier patch (which agk is pushing) to fix the compilation warning (https://www.redhat.com/archives/dm-devel/2009-September/msg00218.html), but the fix-up will be trivial.

The dm-log-userspace code checks that incoming messages correspond to requests that were sent to userspace by way of a sequence number.  If they don't correspond, they are dropped.  So, you must be able to receive the messages from this kernel module (be root) in order to be able respond with a message that will be accepted.  I can't completely rule out the ability to guess a sequence number, and be able to beat the log daemon in responding while the window of that sequence number's validity is open though...  If someone could manage to pull this off with accuracy, they could disrupt the creation of a device, mimic a log device failure, or cause mirror resynchronization to occur to a different area that may simultaneously be performing a write (potential data corruption of a mirror).  It would be an impressive feat to accomplish this, but I very much welcome the patch rather than test fate.

Reviewed-by: Jonathan Brassow <jbrassow@xxxxxxxxxx>

 brassow

On Oct 2, 2009, at 7:40 AM, Philipp Reisner wrote:

Signed-off-by: Philipp Reisner <philipp.reisner@xxxxxxxxxx>
---
drivers/md/dm-log-userspace-transfer.c |    3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c
index 1327e1a..54abf9e 100644
--- a/drivers/md/dm-log-userspace-transfer.c
+++ b/drivers/md/dm-log-userspace-transfer.c
@@ -133,6 +133,9 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
{
struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);

+ if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+ return;
+
spin_lock(&receiving_list_lock);
if (msg->len == 0)
fill_pkg(msg, NULL);
--
1.6.0.4

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel

[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux