Thank you so much for the response. :) I think a malicious driver (in kernel space) can still call these functions to create a device node, which is dangerous. If this is not possible, then there is no security hole.
If that is possible, then the question is if LSM can help -- if the SELinux policy allows us to specify such detailed rules "which driver should have access to which inodes/function". I am not sure if SELinux only restricts user space processes. Thanks, Lin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg KH Sent: Wednesday, October 31, 2007 11:12 PM To: Tan, Lin Cc: linux-security-module@vger.kernel.org Subject: Re: Possible missing security checks in usbfs? On Wed, Oct 31, 2007 at 07:02:27PM -0500, Tan, Lin wrote: > Hello, > > I found several places performing mknod and mkdir operations without > the proper security_inode_permission/mknod/mkdir checks. But I am not > sure if it is that usbfs does not use LSM at all or there are real > security violations. > > One such example is as follows. > > In linux-2.6.21.5/drivers/usb/core/inode.c, function usbfs_mknod() > accesses sensitive inode data structure, but is not authorized by a > security check, at least in one of the call chains: usbfs_mknod <- > usbfs_mkdir <- fs_create_by_name <- fs_create_file <- > usbfs_add_device<- usbfs_notify > > Considering the mknod operation for many files systems, such as ext2, > ext3, and jfs, is authorized by a security check via the vfs_mknod() > function call, the missing checks in usbfs might be a problem. As author of usbfs in its current implementation, I don't see where the problem is. Only the kernel itself creates files, no userspace process does, so there is no need to do any kind of security check, right? Do you see some way an unprivilidged user can create a device node in usbfs? thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
