On Tuesday 18 September 2001 20:17, you wrote:
> >
> > Is this really potentially exploitable?
>
> Yes: all IAS entries set by any user (root or not) can be
> manipulated by any other user.
> Does it matter? No. IAS entries that are set by users are not
> used for any IrDA functionality.
It does matter. I want to implement an IrDA-enabled server process
which serves custom applications made for PDAs (e.g. a Palmtop). So,
my server app sets custom IAS entries which are not needed by the IrDA stack.
IAS was created not for IrDA itself, but for applications which run
on top of IrDA.
>
> > Can there be a mechanism to separate root/user or user1/user2?
> > (I found that entries set by the kernel are immune to deletion with
> > IRDA_IAS_DEL)
>
> The only IAS entries that matter are the ones set by the
> kernel. All the other IAS entries are cosmetic and not used by the
> IrDA stack.
> There is no point in trying to separate the users in the
> kernel. If you are really worried, just restrict the IAS_SET/IAS_DEL
> calls to root only and prevent normal users from manipulating the IAS (they
> have no need to do it anyway).
> If you send me a patch that restricts the setsockopt call to
> root, I'll forward it to Linus.
No, no. Give me time to think. There is a need to have non-root apps
set options. It's like restricting setsockopt() for AF_INET sockets
to root only. I want to have apps run under normal privileges to
minimize what is potentially exploitable as root.
>
> > Is there a need to write a document and advertise the possible danger if we
> > cannot this situation, if all I say is correct?
> >
> > P.S. I think IrDA was designed by people concerned only with desktop users
> > (i.e. one user, one device and a single-user O.S.)
>
> I think you give too much importance to the IAS
> functionality. There is not much you can do with it anyway. If you
> want, we'll restrict it to root only and that will be fixed.
See above.
>
> > P.S.S. For Jean: is it now possible to escape from having same-name objects
> > and different IDs?
>
> Nope, the IrDA stack needs it. The number one priority here is
> to have a fully working IrDA stack.
Sure, you are right, it needs it and it's compliant. But to be fully
I must have set/getsockopt calls which manipulate IAS entries by ID!
IRDA_IAS_ID_SET, IRDA_IAS_ID_GET and IRDA_IAS_ID_DEL.
This way I can manipulate any entry in local IAS.
Second problem: while the "DeviceName" attribute can be changed
from /proc/sys/net/irda/devname, "IrLMPSupport" has no way
to be changed (it's just set to a default octet sequence).
Reading from memory, "IrLMPSupport" advertises some IrLMP
functionalities. Isn't it necessary to have control over this?
(at least in the spirit of Linux functionality)
Kind regards,
--
Claudiu Costin
<[EMAIL PROTECTED]>
_______________________________________________
Linux-IrDA mailing list - [EMAIL PROTECTED]
http://www.pasta.cs.UiT.No/mailman/listinfo/linux-irda