From: Matthew Garrett <mjg59@google.com>
To: david@fromorbit.com
Cc: Theodore Ts'o <tytso@mit.edu>,
sandeen@sandeen.net, ebiggers3@gmail.com,
darrick.wong@oracle.com, bfoster@redhat.com,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: Bugs involving maliciously crafted file system
Date: Wed, 30 May 2018 13:51:44 -0700 [thread overview]
Message-ID: <CACdnJutbRW4wV7QAwS9s-=p1dd7mYkHqEX1NBkEXiD+oBV3-xw@mail.gmail.com> (raw)
In-Reply-To: <20180524004931.GB23861@dastard>
On Wed, May 30, 2018 at 1:42 PM Dave Chinner <david@fromorbit.com> wrote:
> We've learnt this lesson the hard way over and over again: don't
> parse untrusted input in privileged contexts. How many times do we
> have to make the same mistakes before people start to learn from
> them?
You're not wrong, but we haven't considered root to be fundamentally
trustworthy for years - there are multiple kernel features that can be
configured such that root is no longer able to do certain things (the
one-way trap for requiring module signatures is the most obvious, but
IMA in appraisal mode will also restrict root), and as a result it's
not reasonable to be worried only about users - it's also necessary to
prevent root form being able to deliberately mount a filesystem that
results in arbitrary code execution in the kernel.
next prev parent reply other threads:[~2018-05-30 20:51 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-21 17:55 INFO: task hung in xlog_grant_head_check syzbot
2018-05-22 12:31 ` Brian Foster
2018-05-22 22:26 ` Dave Chinner
2018-05-22 22:52 ` Eric Biggers
2018-05-23 4:47 ` Dave Chinner
2018-05-23 7:44 ` Darrick J. Wong
2018-05-23 16:20 ` Eric Biggers
2018-05-23 18:01 ` Eric Sandeen
2018-05-23 23:41 ` Bugs involving maliciously crafted file system Theodore Y. Ts'o
2018-05-24 0:49 ` Dave Chinner
2018-05-24 0:59 ` Theodore Y. Ts'o
2018-05-24 3:55 ` Dave Chinner
2018-05-24 13:16 ` Eric Sandeen
2018-05-30 19:41 ` Eric W. Biederman
2018-05-30 20:51 ` Matthew Garrett [this message]
2018-06-11 13:11 ` Dmitry Vyukov
2018-05-26 17:12 ` Dmitry Vyukov
2018-05-26 20:24 ` Theodore Y. Ts'o
2018-06-11 13:07 ` Dmitry Vyukov
2018-06-11 13:33 ` Theodore Y. Ts'o
2018-06-15 9:32 ` Dmitry Vyukov
2018-06-11 13:20 ` INFO: task hung in xlog_grant_head_check Dmitry Vyukov
2018-06-11 14:35 ` Eric Sandeen
2018-05-23 23:35 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACdnJutbRW4wV7QAwS9s-=p1dd7mYkHqEX1NBkEXiD+oBV3-xw@mail.gmail.com' \
--to=mjg59@google.com \
--cc=bfoster@redhat.com \
--cc=darrick.wong@oracle.com \
--cc=david@fromorbit.com \
--cc=ebiggers3@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).