Re: [PATCH] capability: WARN when invalid capability is requested rather than BUG/panic



On Tue, 30 Sep 2008, Eric Paris wrote:

> This patch adds a WARN_ONCE() to cap_capable() so we will stop
> dereferencing random spots of memory and will cleanly tell the obviously
> broken driver that it doesn't have that ridiculous permission. No idea
> if the driver is going to handle EPERM but anything that calls capable
> and doesn't expect a denial has got to be the worst piece of code ever
> written..... I could return EINVAL, but I think it's clear that no one
> has capabilities over 64 so clearly they don't have that permission.
>
> This 'could' be considered a regression since 2.6.24. Neither SELinux
> nor the capabilities system had a problem with ginormous request values
> until we got 64 bit support, although this is OBVIOUSLY a bug with the
> out of tree closed source driver....

An issue here is whether we should be adding workarounds in the mainline
kernel for buggy closed drivers. Papering over problems rather than
getting them fixed does not seem like a winning approach. Especially
problems which are unexpectedly messing with kernel security APIs.

Also, won't this encourage vendors of such drivers to continue with this
behavior, while discouraging those vendors who are doing the right thing?

Do we know if this even really helps the user? For all we know, the
driver may simply crash differently with an -EPERM.



- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
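The stray read and the proposed check from the quoted patch description, modelled below as an added example. This is constructed for illustration and is not the kernel's security/commoncap.c nor the patch under discussion. It assumes the post-2.6.25 layout of the capability set (two 32-bit words, 64 bits) and picks 33 as the highest valid capability number; the task structure, the warning counter and all helper names are hypothetical.

```c
/* Stand-alone model of the capability lookup discussed in the thread.
 * Assumptions (not the kernel's own code): a 64-bit capability set kept
 * as two 32-bit words, CAP_LAST_CAP fixed at 33, and a minimal task. */
#include <stdio.h>
#include <errno.h>

#define KERNEL_CAP_U32S 2   /* 2 * 32 = 64 capability bits */
#define CAP_LAST_CAP    33  /* model value: highest valid capability number */

typedef struct {
    unsigned int cap[KERNEL_CAP_U32S];
} kernel_cap_t;

/* Index/mask arithmetic that locates one capability bit in the set. */
static int cap_to_index(int cap) { return cap >> 5; }
static unsigned int cap_to_mask(int cap) { return 1U << (cap & 31); }
static int cap_valid(int cap) { return cap >= 0 && cap <= CAP_LAST_CAP; }

/* A task carrying only its effective set, which is all the check consults. */
struct task_model {
    kernel_cap_t cap_effective;
};

/* WARN_ONCE() prints on the first hit only; 'warned' models that, while
 * 'warn_count' records every invalid request so the behaviour is testable. */
static int warn_count;
static int warned;

static void warn_once_invalid_cap(int cap)
{
    warn_count++;
    if (!warned) {
        warned = 1;
        fprintf(stderr, "WARNING: capable() called with invalid cap=%d\n", cap);
    }
}

/* Returns 1 when an unchecked caller would index past the two-word array:
 * for cap >= 64 the index is 2 or more, so the bit test would read whatever
 * memory follows the capability set. That is the stray read the patch stops. */
static int index_out_of_bounds(int cap)
{
    return cap < 0 || cap_to_index(cap) >= KERNEL_CAP_U32S;
}

/* Raw bit test with no range check; only reached here after cap_valid(). */
static int cap_raised(const kernel_cap_t *set, int cap)
{
    return (set->cap[cap_to_index(cap)] & cap_to_mask(cap)) != 0;
}

static void cap_raise(kernel_cap_t *set, int cap)
{
    set->cap[cap_to_index(cap)] |= cap_to_mask(cap);
}

/* Hardened check in the shape the patch proposes: warn once, deny with
 * -EPERM, and never touch the array with an out-of-range index. */
static int cap_capable_checked(const struct task_model *tsk, int cap)
{
    if (!cap_valid(cap)) {
        warn_once_invalid_cap(cap);
        return -EPERM;
    }
    return cap_raised(&tsk->cap_effective, cap) ? 0 : -EPERM;
}

/* Builds a task whose effective set holds exactly 'raised_cap', then asks
 * for 'requested_cap'. Returns 0 (granted) or -EPERM (denied). */
static int check_with_effective(int raised_cap, int requested_cap)
{
    struct task_model tsk = { { { 0, 0 } } };
    cap_raise(&tsk.cap_effective, raised_cap);
    return cap_capable_checked(&tsk, requested_cap);
}

static int invalid_cap_hits(void) { return warn_count; }
static int warned_once(void) { return warned; }

int main(void)
{
    printf("cap 21 with 21 raised: %d\n", check_with_effective(21, 21));
    printf("cap 7 with 21 raised:  %d\n", check_with_effective(21, 7));
    printf("cap 100 out of bounds: %d, result %d\n",
           index_out_of_bounds(100), check_with_effective(21, 100));
    check_with_effective(21, 100);
    printf("invalid requests: %d, warning printed once: %d\n",
           invalid_cap_hits(), warned_once());
    return 0;
}
```

The point of the two-word layout is visible in index_out_of_bounds(): the 64-bit set made any request of 64 or above compute an index beyond the array, where the 32-bit single-word set of 2.6.24 had the same problem only above 31, so a driver passing a garbage value changed from "silently wrong" to "reads past the structure" with the layout change. Whether the caller copes with -EPERM is a separate question, as the reply notes.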
