From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Yann Droneaud <ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH libibverbs v2 00/11] make read_config() more robust
Date: Mon, 12 Aug 2013 13:26:54 -0600 [thread overview]
Message-ID: <20130812192654.GC7968@obsidianresearch.com> (raw)
In-Reply-To: <cover.1375952089.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
On Thu, Aug 08, 2013 at 09:40:43PM +0200, Yann Droneaud wrote:
> Please find patches to protect libibverbs from using invalid,
> unsecure configuration files.
I really don't think any of this is necessary.
The expected installation for verbs is:
/ is secure
/etc is secure
/etc/ibverbs.d is secure
/etc/ibverbs.d/* is seucure and contains the correct contents.
[and similar statements about the shared libaries]
If these installation expectations are met then your patches are not
needed because all the path components are controlled exclusively by
root.
If you mis-install parts of your system with the wrong security
permissions then you will have a security problem.
It isn't the job of verbs to self-check the installation.
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2013-08-12 19:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-08 19:40 [PATCH libibverbs v2 00/11] make read_config() more robust Yann Droneaud
[not found] ` <cover.1375952089.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2013-08-08 19:40 ` [PATCH libibverbs v2 01/11] read_config(): ignore files beginning with '.' Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 02/11] read_config(): ignore directory entry with backup suffix (~) Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 03/11] read_config(): open configuration directory with open() Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 04/11] read_config(): move file type check in read_config_file() Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 05/11] read_config_file(): use the directory file descriptor to open configuration file Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 06/11] read_config_file(): check opened file Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 07/11] read_config(): check opened directory Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 08/11] read_config(): refuse to open IBV_CONFIG_DIR if it's not a directory Yann Droneaud
[not found] ` <64fd9c35244a9d3ed56f77b049accb00b9ec95e9.1375952089.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2013-08-12 19:29 ` Jason Gunthorpe
2013-08-08 19:40 ` [PATCH libibverbs v2 09/11] Check owner/permissions of config directory/files Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 10/11] read_config(): reject symlinks Yann Droneaud
2013-08-08 19:40 ` [PATCH libibverbs v2 11/11] read_config_file(): refuse to open configuration file if it's symlink Yann Droneaud
2013-08-12 19:26 ` Jason Gunthorpe [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130812192654.GC7968@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox