On Tue, Dec 17, 2019 at 11:48 AM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote: > > On Fri, Dec 13, 2019 at 10:48 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Fri, Dec 13, 2019 at 11:39:54AM +0100, Dmitry Vyukov wrote: > > > On Fri, Dec 13, 2019 at 11:10 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > You set up a dubious memory base for your uart and then get upset when > > > > > > > > you write to that location. > > > > > > > > > > > > > > > > I don't know what to really do about this, this is a root-only operation > > > > > > > > and you are expected to know what you are doing when you attempt this. > > > > > > > > > > > > > > Hi Greg, > > > > > > > > > > > > > > Thanks for looking into this! > > > > > > > Should we restrict the fuzzer from accessing /dev/ttyS* entirely? > > > > > > > > > > > > No, not at all. > > > > > > > > > > > > > Or only restrict TIOCSSERIAL on them? Something else? > > > > > > > > > > > > Try running not as root. if you have CAP_SYS_ADMIN you can do a lot of > > > > > > pretty bad things with tty ports, as you see here. There's a reason the > > > > > > LOCKDOWN_TIOCSSERIAL "security lockdown" check was added :) > > > > > > > > > > > > The TIOCSSERIAL ioctl is a nice one for a lot of things that are able to > > > > > > be done as a normal user (baud rate changes, etc.), but there are also > > > > > > things like setting io port memory locations that can cause random > > > > > > hardware accesses and kernel crashes, as you instantly found out here :) > > > > > > > > > > > > So restrict the fuzzer to only run as a "normal" user of the serial > > > > > > port, and if you find problems there, I'll be glad to look at them. > > > > > > > > > > Easier said than done. "normal user of the serial port" is not really > > > > > a thing in Linux, right? You either have CAP_SYS_ADMIN or not, that's > > > > > not per-device... > > > > > > > > Not true, there's lots of users of serial port devices that do not have > > > > CAP_SYS_ADMIN set. That's why we have groups :) > > > > > > > > You can change the baud rate of your usb-serial device without root > > > > permissions, right? That's a "normal" user right there. > > > > > > Yes, but this requires dropping CAP_SYS_ADMIN. And one can't drop > > > CAP_SYS_ADMIN only for ttyS. If it would be a separate capability, we > > > could drop just that, but not CAP_SYS_ADMIN. > > > > Ok, I think we are talking past each other here. I am saying that it is > > fine to talk to a serial port without CAP_SYS_ADMIN. That should be > > "safe" and not cause bad things to happen. > > > > But if you do have CAP_SYS_ADMIN, you can do a lot more "bad" things > > with a serial port (like setting memory addresses). > > > > Your tool always has this capability, which is fine, but does not mean > > that serial port accesses by everyone has to have that capability, which > > is what I thought you were saying. > > I mean that I don't see a realistic way to apply your "Try running not > as root" suggestion. > We can drop root, but that will dramatic effect on lots of other > things that has nothing to do with serial console. I've disabled testing of TIOCSSERIAL in syzkaller: https://github.com/google/syzkaller/commit/af9047c60a3db32d5e43c29321f8f531db051a63 #syz invalid
