On 8/25/22 09:52, enh wrote:
> On Thu, Aug 25, 2022 at 1:05 AM Rob Landley <[email protected]> wrote:
>
> > What would have made SENSE was having the netlink hotplug interface (ala
> > nlmsg_type = RTM_GETLINK) register to say it's going to send back response
> > packets with credential info for each new node (something vaguely like
> > nlmsghdr.nlmsg_flags = BLAH|NLM_F_SETCRED;) then having device node creation
> > wait for the userspace credential request the same way it waits for a
> > userspace firmware load request. You could even watchdog it where a timeout
> > causes the device creation to return error and not make the node, and if the
> > netlink program exits without properly deregistering (and a new instance
> > doesn't restart) then that's gonna time out, meaning you can't do a security
> > attack by trying to kill the daemon. (DOS sure, but show me a daemon kill
> > that doesn't deny service.) And if you fire up the netlink daemon before
> > mounting devtmpfs for the first time, it gets to annotate all the initial
> > device node creations in a cleanish way so they're never exposed without
> > credentials.
>
> yeah, from what i remember, that's roughly what the people who actually know
> what they're talking about said that they'd need. but that's also what they
> thought they wouldn't be able to get upstream in any realistically-spendable
> amount of time.

I don't suppose anyone ever roughed up a kernel patch?

Rob
