Date: Tue, 4 Jul 2023 16:55:29 -0400
From: "Theodore Ts'o"
To: Eric Biggers
Cc: Jan Kara, linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org,
    Christoph Hellwig, Christian Brauner, Jens Axboe, Kees Cook, syzkaller,
    Alexander Popov, linux-xfs@vger.kernel.org, linux-btrfs@vger.kernel.org,
    Dmitry Vyukov
Subject: Re: [PATCH 1/6] block: Add config option to not allow writing to mounted devices
Message-ID: <20230704205529.GH1178919@mit.edu>
References: <20230704122727.17096-1-jack@suse.cz> <20230704125702.23180-1-jack@suse.cz> <20230704184416.GE1851@sol.localdomain>
In-Reply-To: <20230704184416.GE1851@sol.localdomain>
X-Mailing-List: linux-xfs@vger.kernel.org

On Tue, Jul 04, 2023 at 11:44:16AM -0700, Eric Biggers wrote:
> Does this prevent the underlying storage from being written to? Say if the
> mounted block device is /dev/sda1 and someone tries to write to /dev/sda in the
> region that contains sda1.
>
> I *think* the answer is no, writes to /dev/sda are still allowed since the goal
> is just to prevent writes to the buffer cache of mounted block devices, not
> writes to the underlying storage. That is really something that should be
> stated explicitly, though.

Well, at the risk of giving the Syzbot developers any ideas, we also
aren't preventing someone from opening the SCSI generic device and
manually sending raw SCSI commands to modify a mounted block device,
and then no doubt they would claim that the kernel config
CONFIG_CHR_DEV_SG is "insecure", and so therefore any kernel that
could support writing CD or DVD's is by definition "insecure" by their
lights...

Which is why talking about security models without having an agreed
upon threat model is really a waste of time...

- Ted