From: Jiri Kosina <jikos@kernel.org>
To: David Herrmann <dh.herrmann@gmail.com>
Cc: ebiggers@kernel.org,
Benjamin Tissoires <benjamin.tissoires@redhat.com>,
"open list:HID CORE LAYER" <linux-input@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
syzkaller-bugs@googlegroups.com,
Dmitry Vyukov <dvyukov@google.com>,
Dmitry Torokhov <dtor@google.com>,
syzbot+72473edc9bf4eb1c6556@syzkaller.appspotmail.com,
stable <stable@vger.kernel.org>, Jann Horn <jannh@google.com>,
Andy Lutomirski <luto@kernel.org>
Subject: Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
Date: Mon, 19 Nov 2018 14:26:11 +0100 (CET) [thread overview]
Message-ID: <nycvar.YFH.7.76.1811191425280.21108@cbobk.fhfr.pm> (raw)
In-Reply-To: <CANq1E4QDP9EiJZG2pqfKtA_ESoBgNb5ECjause2tTUdYWaqYZA@mail.gmail.com>
On Mon, 19 Nov 2018, David Herrmann wrote:
> > Thanks for the patch. I however believe the fix below is more generic, and
> > would prefer taking that one in case noone sees any major flaw in that
> > I've overlooked. Thanks.
>
> As Andy rightly pointed out, the credentials check is actually needed.
> The scenario here is using a uhid-fd as stdout when executing a
> setuid-program. This will possibly end up reading arbitrary memory
> from the setuid program and use it as input for the hid-descriptor.
Ah, right, that's a very good point indeed; I've overlooked that (valid)
concern in the thread. Thanks for spotting that, Andy.
I've now applied Eric's patch. Thanks everybody,
--
Jiri Kosina
SUSE Labs
prev parent reply other threads:[~2018-11-19 13:26 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-11 18:26 BUG: GPF in non-whitelisted uaccess (non-canonical address?) syzbot
2018-11-14 0:25 ` syzbot
2018-11-14 12:20 ` David Herrmann
2018-11-14 16:52 ` Dmitry Vyukov
2018-11-14 17:14 ` Eric Biggers
2018-11-14 18:02 ` [PATCH] HID: uhid: prevent uhid_char_write() under KERNEL_DS Eric Biggers
2018-11-14 18:14 ` Dmitry Torokhov
2018-11-14 18:18 ` Jann Horn
2018-11-14 21:54 ` Eric Biggers
2018-11-14 21:55 ` [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges Eric Biggers
2018-11-14 22:04 ` Jann Horn
2018-11-14 22:28 ` Dmitry Torokhov
2018-11-14 22:37 ` Jann Horn
2018-11-14 22:46 ` Dmitry Torokhov
2018-11-15 0:39 ` Andy Lutomirski
2018-11-14 23:00 ` Eric Biggers
2018-11-14 23:20 ` Dmitry Torokhov
2018-11-15 8:14 ` Benjamin Tissoires
2018-11-15 12:06 ` David Herrmann
2018-11-15 14:50 ` Andy Lutomirski
2018-11-15 12:09 ` David Herrmann
2018-11-15 14:49 ` Andy Lutomirski
2018-11-19 12:52 ` Jiri Kosina
2018-11-19 13:21 ` David Herrmann
2018-11-19 13:26 ` Jiri Kosina [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.YFH.7.76.1811191425280.21108@cbobk.fhfr.pm \
--to=jikos@kernel.org \
--cc=benjamin.tissoires@redhat.com \
--cc=dh.herrmann@gmail.com \
--cc=dtor@google.com \
--cc=dvyukov@google.com \
--cc=ebiggers@kernel.org \
--cc=jannh@google.com \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+72473edc9bf4eb1c6556@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).