From: Dmitry Vyukov <dvyukov@google.com>
To: Matthew Garrett <mjg59@google.com>
Cc: Dave Chinner <david@fromorbit.com>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Eric Sandeen <sandeen@sandeen.net>,
	Eric Biggers <ebiggers3@gmail.com>,
	"Darrick J. Wong" <darrick.wong@oracle.com>,
	Brian Foster <bfoster@redhat.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	linux-xfs <linux-xfs@vger.kernel.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Subject: Re: Bugs involving maliciously crafted file system
Date: Mon, 11 Jun 2018 15:11:17 +0200
Message-ID: <CACT4Y+bnOt5pCv5BvQ_AQHdvLSNKZSrw+w4Aa5YJRFNy4o0jww@mail.gmail.com>
In-Reply-To: <CACdnJutbRW4wV7QAwS9s-=p1dd7mYkHqEX1NBkEXiD+oBV3-xw@mail.gmail.com>

On Wed, May 30, 2018 at 10:51 PM, 'Matthew Garrett' via syzkaller-bugs
<syzkaller-bugs@googlegroups.com> wrote:
> On Wed, May 30, 2018 at 1:42 PM Dave Chinner <david@fromorbit.com> wrote:
>> We've learnt this lesson the hard way over and over again: don't
>> parse untrusted input in privileged contexts. How many times do we
>> have to make the same mistakes before people start to learn from
>> them?
>
> You're not wrong, but we haven't considered root to be fundamentally
> trustworthy for years - there are multiple kernel features that can be
> configured such that root is no longer able to do certain things (the
> one-way trap for requiring module signatures is the most obvious, but
> IMA in appraisal mode will also restrict root), and as a result it's
> not reasonable to be worried only about users - it's also necessary to
> prevent root from being able to deliberately mount a filesystem that
> results in arbitrary code execution in the kernel.

FWIW, Android also does not consider root as a trusted entity. It's
limited by SELinux and maybe something else. Kernel becomes the main
attack target on Android. Even if attackers get root, they still go
for kernel execution or kernel data corruption to do anything harmful.
And kernel is exploited with use-after-frees, out-of-bounds,
double-frees, etc.
