From mboxrd@z Thu Jan 1 00:00:00 1970 From: Panu Matilainen Subject: Re: [PATCH v4 0/2] Add support for driver directories Date: Thu, 3 Dec 2015 09:59:02 +0200 Message-ID: <565FF646.8000006@redhat.com> References: <5394034.PY3UYPlQag@xps13> <20151202180702.784048ca@xeon-e3> <4326350.y6KGzOFPTo@xps13> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: dev@dpdk.org To: Thomas Monjalon , Stephen Hemminger Return-path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id EEF822A5B for ; Thu, 3 Dec 2015 08:59:04 +0100 (CET) In-Reply-To: <4326350.y6KGzOFPTo@xps13> List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 12/03/2015 04:26 AM, Thomas Monjalon wrote: > 2015-12-02 18:07, Stephen Hemminger: >> On Thu, 12 Nov 2015 16:52:32 +0100 >> Thomas Monjalon wrote: >> >>>>> This mini-series adds support for driver directory concept >>>>> based on idea by Thomas Monjalon back in February: >>>>> http://dpdk.org/ml/archives/dev/2015-February/013285.html >>>>> >>>>> In the process FreeBSD also gains plugin support (but untested). >>>>> >>>>> v4: - introduce error-early behavior for invalid plugin paths >>>>> - support directories via the existing -d option instead of adding new >>>>> >>>>> v3: - merge the first commits >>>>> >>>>> v2: - move code to eal/common >>>>> - add bsd support >>>>> >>>>> Panu Matilainen (2): >>>>> eal: move plugin loading to eal/common >>>>> eal: add support for driver directory concept >>>> >>>> >>>> checkpatch complains for some indent problem (Thomas, can you fix this ?), >>>> but the rest looks good to me. >>>> >>>> Acked-by: David Marchand >>>> >>>> Thanks Panu. >>> >>> Applied, thanks >> >> This patch introduces a new issue reported by Coverity. >> >> The root cause of the problem is that you are checking that it s a directory first with stat >> then calling dlopen(). I malicious entity could get between the stat and the dlopen. > > I think it is a false positive. > The aim of loading every files in the directory is out of a security scope IMHO. > Yes its a false positive. The security aspect relates to world-writable directories and even in there the problem is usually "test for existence before creation", this is neither (if somebody routinely loads their critical device drivers from /tmp on a system they have bigger problems than this) If somebody changes a file to a directory or vice versa then the consecutive readdir() or dlopen() on that entry will just fail, end of story. And if somebody has the permission to change entries in that directory they dont have to bother with trying to time their changes between stat() and dlopen(). Sure it could just call dlopen() on everything and if it fails try readdir() on it. Matter of style, I dislike blindly stumbling and crashing when I can simply take a look to see whether its a door, a window or a wall :) - Panu -