Re: [PATCH][RFC] Simple tamper-proof device filesystem.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Tetsuo Handa <penguin-kernel@...>

Cc: <indan@...>, <linux-fsdevel@...>, <linux-kernel@...>, <w@...>, <serue@...>

Subject: Re: [PATCH][RFC] Simple tamper-proof device filesystem.

Date: Friday, January 11, 2008 - 10:46 am

On Fri, Jan 11, 2008 at 11:05:07PM +0900, Tetsuo Handa wrote:
quoted text> Not only mknod() but also rename()/unlink()/link()/mount(bind) etc. that may
> cause filename/attribute mismatching.
> 
> How can the daemon know whether the request is trying to manipulate nodes
> in /dev directory or not?
> If "mount --bind /dev/ /var/dir/" is used, the daemon must check
> filename/attribute pair when mknod("/var/dir/null") is requested
> because permitting the request will modify /dev state.
> If "mount --bind /dev/ /var/dir/" is not used, the daemon must not check
> filename/attribute pair when mknod("/var/dir/null") is requested
> because permitting the request will not modify /dev state.
> 
> 
> 
> What does the daemon do? It receives requests from the LD_PRELOAD library
> using UNIX domain socket and checks filename/attribute pair and issue
> mknodat()/renameat()/unlinkat()/linkat() etc. when the combination is appropriate?
> 
> What does the LD_PRELOAD library do? It intercepts all pathname related syscalls
> (except open()) and solve directory component and determine whether the request is
> trying to manipulate nodes in /dev direcrtory and forward request to the daemon
> using UNIX domain socket?
> 
> "Make the daemon and the LD_PRELOAD library bug-and-race free and
> develop the MAC policy for the daemon and the LD_PRELOAD library"
> and "Make this filesystem bug-and-race free". Which one is easier?

I think a good question is:

What kind of idiot wrote a program that thinks it is allowed to go
messing with the contents of /dev?  There simply can't be a good reason
for an application to do that.  Device nodes should match up with
devices, so as long as the device nodes exist for all your devices, then
everything should just work and no one should ever have a reason to go
changing things for any reason.

Perhaps the real solution is a preload library that blocks the idiotic
program from touching anything in /dev with anything other than
open/close/read/write.

Of course it could also help to simply tell people what this stupid
program is actually doing and why it should be allowed to mess in places
it doesn't belong.

--
Len Sorensen
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Sun Jan 6, 2:20 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., , (Mon Jan 7, 1:09 pm)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Tue Jan 8, 9:50 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., , (Wed Jan 9, 1:04 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Wed Jan 9, 2:26 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Willy Tarreau, (Sun Jan 6, 2:26 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Sun Jan 6, 3:36 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Sun Jan 6, 11:20 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Indan Zupancic, (Mon Jan 7, 4:37 pm)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Tue Jan 8, 9:50 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Indan Zupancic, (Tue Jan 8, 11:47 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Wed Jan 9, 12:39 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Indan Zupancic, (Wed Jan 9, 9:59 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Thu Jan 10, 12:57 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Indan Zupancic, (Thu Jan 10, 7:05 pm)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Fri Jan 11, 4:46 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Indan Zupancic, (Fri Jan 11, 8:22 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Tetsuo Handa, (Fri Jan 11, 10:05 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Lennart Sorensen, (Fri Jan 11, 10:46 am)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Serge E. Hallyn, (Wed Jan 9, 7:08 pm)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Indan Zupancic, (Wed Jan 9, 9:06 pm)

Re: [PATCH][RFC] Simple tamper-proof device filesystem., Willy Tarreau, (Sun Jan 6, 3:45 am)


linux-kernel:
Alan Cox	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)
Adrian Bunk	Re: LSM conversion to static interface
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
git:

openbsd-misc:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Andrew Morton	Re: [BUG] New Kernel Bugs
Winkler, Tomas	RE: iwlwifi: fix build bug in "iwlwifi: fix LED stall"

Re: [PATCH][RFC] Simple tamper-proof device filesystem.

Online users