
Re: XATTR structure for biosfs entries

Hi Ulrich,

> |> Ah, yes, this one doesn't sound bad :-) but just at this moment a more
> |> general problem comes to my mind: If the device driver has full access
> |> to its XATTR field, it can also change its own uid/gid or so. This won't
> |> matter for the built-in ones, but someone _could_ write a driver which
> |> can self-change its uid to superuser... Looks a bit like a security hole :-(
> |>
> Well, if you can put your own device driver into the system folder, then
> THAT is a security hole, as a device driver can (in principle) do anything
> it wants, even change the uid of the current process, and it does not need
> access to its own file uid/gid field. I think this is definitely not a
> security hole.

Well you mustn't put an XDD driver into the system folder, you can also
start it up using "normal" dcntl's and come to the same problem... :-(

The longer I think about this, the more my head begins to hurt...

So, to make it really secure, it looks like Dcntl's on the biosfs should
be limited to superuser processes.

PS: If the above written looks weird, then that's because it probably IS.
WhoDunnIt: Torsten Scherer (Schiller, TeSche...)
Technical Faculty, University of Bielefeld, Germany (52'5"N 8'35"E)
EMail: itschere@techfak.uni-bielefeld.de / tesche@dave.hrz.uni-bielefeld.de