Hi, Le mercredi 22 mai 2013 à 14:32 -0700, Roland Dreier a écrit : > On Mon, May 20, 2013 at 2:43 PM, Yann Droneaud <[email protected]> wrote: > > libibverbs must refuse to load arbitrary shared objects. > > > > This patch check the configuration directory and files for > > - being owned by root; > > - not being writable by others. > > uverbs is an unprivileged interface. Right now I can develop and test > libibverbs and driver code as an unprivileged user. If I'm > understanding correctly, this patch would break that -- I'd have to > install to a root-owned directory to test. >
I've missed this use case. Indeed user should be able to use his own version of libibverbs and configuration files. > What's the exploit this protects against? The configuration mechanism allow loading arbitrary shared object: this should be done with care when running setuid binaries / running program as root. Adding some basic sanity check is welcome to protect from someone tampering the configuration files. I'm going to post an updated patchset which will secure (in-depth) access to configuration files while allowing user to use their own files. Regards. -- Yann Droneaud OPTEYA -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
