From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EDF0EC19F2B for ; Wed, 3 Aug 2022 21:50:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1659563420; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=FKJWZFFQMrfN9f8Jcyy7hdIfiM2jsUpC/H3yVNHtwCE=; b=YUO5IEXBLg+p5vbv0oAxwhFHaE4r7HHu/JogsP9nVBs0Tt3eO5M2MDNt2dzeyA9fnqfcgk gRNa2UCVNcR7SD21BklaxxTtvoYfcwcoUDjavMXXvV84eoKbCwzz2oY1nv1sapgJLCwLo2 DSOBUe85kdeqj5We6Se0dOVsmfF7fU4= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-608-pGocaJ2SPSqI7UqN8tKD_g-1; Wed, 03 Aug 2022 17:50:17 -0400 X-MC-Unique: pGocaJ2SPSqI7UqN8tKD_g-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 866DA8037AC; Wed, 3 Aug 2022 21:50:16 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 074592166B26; Wed, 3 Aug 2022 21:50:15 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id DD1D91946A53; Wed, 3 Aug 2022 21:50:14 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 388481946A4E for ; Wed, 3 Aug 2022 21:50:14 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 1D41C2166B2A; Wed, 3 Aug 2022 21:50:14 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1995B2166B26 for ; Wed, 3 Aug 2022 21:50:14 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id F3019280F2AD for ; Wed, 3 Aug 2022 21:50:13 +0000 (UTC) Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-516-qOMl68hvNC-7UHqgkg-hMA-1; Wed, 03 Aug 2022 17:50:11 -0400 X-MC-Unique: qOMl68hvNC-7UHqgkg-hMA-1 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 35C10615C2; Wed, 3 Aug 2022 21:50:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 34D1AC433C1; Wed, 3 Aug 2022 21:50:09 +0000 (UTC) Date: Wed, 3 Aug 2022 21:49:50 +0000 From: Eric Biggers To: Daniil Lunev Message-ID: References: MIME-Version: 1.0 In-Reply-To: X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 Subject: Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Brian Geffon , Mike Snitzer , linux-kernel@vger.kernel.org, Zdenek Kabelac , dm-devel@redhat.com, Mikulas Patocka , Alasdair Kergon Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On Thu, Aug 04, 2022 at 06:44:53AM +1000, Daniil Lunev wrote: > > Have you also considered unlinking the device node (/dev/dm-$idx) from the > > filesystem after it has been set up for swap? > Yes, the node can be re-linked with mknod, thus is not a suitable solution. I thought you were trying to defend against path traversal attacks, not arbitrary code execution? If your threat model includes arbitrary code execution by root, you really need to be using SELinux. - Eric -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57AB5C19F2B for ; Wed, 3 Aug 2022 21:50:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237819AbiHCVuO (ORCPT ); Wed, 3 Aug 2022 17:50:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231407AbiHCVuL (ORCPT ); Wed, 3 Aug 2022 17:50:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5F852EA for ; Wed, 3 Aug 2022 14:50:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3DE78615C6 for ; Wed, 3 Aug 2022 21:50:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 34D1AC433C1; Wed, 3 Aug 2022 21:50:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1659563409; bh=BrvBHvTeL+xYbCEHOv5XtcAfbghOoBwnDllC6Zku4ac=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=OQUSJ5C/ZXkaqfUWtXHS8klUkGgUuyJSQXw6/UVA9VnVtj5BABuC27VkpbafcVLwA Rwq3+KpfYcjTGPxVW72XC6bm+Hs0cBlpSsR0GYzBVf76CeApznq0mIC7wH71/gyoJq b9IDbUonfZaKYQO9GLyvTWa2suud4t7iS2163CW760MUaL4u121NiBbFYLpw84vUyf qwyc8KKmcAD0I27z34GaExmsCRZtNodcQq8+3H3+1vn7BTqhGvVMURuJsxMVgmbfS3 H5K+y6AdVuT7staCL4MC5dm+M9QG3SzcmZzTKibT89grQxIfnj1ZwBvBx0XINmehq7 JOZNhL2DePcFQ== Date: Wed, 3 Aug 2022 21:49:50 +0000 From: Eric Biggers To: Daniil Lunev Cc: Zdenek Kabelac , Brian Geffon , Mike Snitzer , linux-kernel@vger.kernel.org, dm-devel@redhat.com, Mikulas Patocka , Alasdair Kergon Subject: Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 04, 2022 at 06:44:53AM +1000, Daniil Lunev wrote: > > Have you also considered unlinking the device node (/dev/dm-$idx) from the > > filesystem after it has been set up for swap? > Yes, the node can be re-linked with mknod, thus is not a suitable solution. I thought you were trying to defend against path traversal attacks, not arbitrary code execution? If your threat model includes arbitrary code execution by root, you really need to be using SELinux. - Eric