Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-09 Thread Mickaël Salaün
On 08/12/2015 22:45, Richard Weinberger wrote:
> On 08.12.2015 at 21:37, Tristan Schmelcher wrote:
>> On 6 December 2015 at 09:43, Mickaël Salaün wrote:
>>> Well, I'm concerned to use umask because it is not thread-safe and drivers
>>> may use create_mem_file() in a multi-threaded context.
>>
>>

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-08 Thread Richard Weinberger
On 08.12.2015 at 21:37, Tristan Schmelcher wrote:
> On 6 December 2015 at 09:43, Mickaël Salaün wrote:
>> Well, I'm concerned to use umask because it is not thread-safe and drivers
>> may use create_mem_file() in a multi-threaded context.
>
> You are right. We should perhaps set the umask to 070

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-08 Thread Tristan Schmelcher
On 6 December 2015 at 09:43, Mickaël Salaün wrote:
> Well, I'm concerned to use umask because it is not thread-safe and drivers
> may use create_mem_file() in a multi-threaded context.
You are right. We should perhaps set the umask to 0700 permanently during process start. But I am not sure if th

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-06 Thread Mickaël Salaün
On 06/12/2015 12:32, Mickaël Salaün wrote:
> On 04/12/2015 18:13, Tristan Schmelcher wrote:
>> If there is a concern that the mkstemp implementation may be insecure,
>> why not set and restore the umask?
>>
>
> I will add this safeguard.
Well, I'm concerned to use umask because it is not thread-s

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-06 Thread Mickaël Salaün
On 04/12/2015 18:13, Tristan Schmelcher wrote:
> File permissions are checked at time of open, so I think this fchmod
> call has never had any effect.
Indeed, mmap doesn't require the file to be executable, only readable and writable. The fchmod seems to be a guarantee for these permissions but I

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-06 Thread Mickaël Salaün
On 06/12/2015 12:32, Mickaël Salaün wrote:
> On 04/12/2015 18:13, Tristan Schmelcher wrote:
>> File permissions are checked at time of open, so I think this fchmod
>> call has never had any effect.
>
> Indeed, mmap doesn't require the file to be executable, only readable and
> writable. The fchmo

Re: [PATCH v2 1/2] um: Set secure access mode for temporary file

2015-12-04 Thread Tristan Schmelcher
File permissions are checked at time of open, so I think this fchmod call has never had any effect. If there is a concern that the mkstemp implementation may be insecure, why not set and restore the umask?

[PATCH v2 1/2] um: Set secure access mode for temporary file

2015-11-29 Thread Mickaël Salaün
Replace the insecure mode 0777 with 0700 for the temporary file to prohibit other users from changing the executable mapped code. An attacker could gain access to the mapped file descriptor from the temporary file (before it is unlinked) in a read-only mode but it should not be accessible in write mode to