public inbox for linux-kernel@vger.kernel.org
From: Zdenek Kabelac <zdenek.kabelac@gmail.com>
To: Mikulas Patocka <mpatocka@redhat.com>,
	Daniil Lunev <dlunev@chromium.org>
Cc: dm-devel@redhat.com, Mike Snitzer <snitzer@kernel.org>,
	Brian Geffon <bgeffon@google.com>,
	Alasdair Kergon <agk@redhat.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open
Date: Fri, 15 Jul 2022 21:38:35 +0200
Message-ID: <cca5b463-a860-de8d-b7e4-a8d30aef2ff2@gmail.com>
In-Reply-To: <alpine.LRH.2.02.2207150528170.5197@file01.intranet.prod.int.rdu2.redhat.com>

On 15. 07. 22 at 11:36, Mikulas Patocka wrote:
>
> On Fri, 15 Jul 2022, Daniil Lunev wrote:
>
>> Hi Mike,
>> Thank you for your response. I should have probably added more context
>> to the commit message that I specified in the cover letter. The idea is to
>> prohibit access of all userspace, including the root. The main concern here
>> is potential system applications' vulnerabilities that can trick the system to
>> operate on non-intended files with elevated permissions. While those could
>> also be exploited to get more access to the regular file systems, those firstly
>> have to be useable by userspace for normal system operation (e.g. to store
>> user data), secondly, never contain plain text secrets. Swap content is a
>> different story - access to it can leak very sensitive information, which
>> otherwise is never available as plaintext on any persistent media - e.g. raw
>> user secrets, raw disk encryption keys etc, other security related tokens.
>> Thus we propose a mechanism to enable such a lockdown after necessary
>> configuration has been done to the device at boot time.
>> --Daniil
> If someone gains root, he can do anything on the system.
>
> I'm quite skeptical about these attempts; protecting the system from the
> root user is a never-ending whack-a-mole game.


It's in fact a 'design feature' of the whole DM that root can always open any
device in the device stack (although this causes some trouble for, e.g., some
lvm2 logic). Such a feature is useful, e.g., for debugging device problems.
There was never an intention to prohibit the root user from 'seeing' all
stacked devices.

Regards

Zdenek

