On Sat, Aug 27, 2022 at 5:01 AM Rob Landley <r...@landley.net> wrote:
> On 8/25/22 09:52, enh wrote:
> > On Thu, Aug 25, 2022 at 1:05 AM Rob Landley <r...@landley.net> wrote:
> >
> >     What would have made SENSE was having the netlink hotplug interface (ala
> >     nlmsg_type = RTM_GETLINK) register to say it's going to send back response
> >     packets with credential info for each new node (something vaguely like
> >     nlmsghdr.nlmsg_flags = BLAH|NLM_F_SETCRED;) then having device node creation
> >     wait for the userspace credential request the same way it waits for a userspace
> >     firmware load request. You could even watchdog it where a timeout causes the
> >     device creation to return error and not make the node, and if the netlink
> >     program exits without properly deregistering (and a new instance doesn't
> >     restart) then that's gonna time out, meaning you can't do a security attack by
> >     trying to kill the daemon. (DOS sure, but show me a daemon kill that doesn't
> >     deny service.) And if you fire up the netlink daemon before mounting devtmpfs
> >     for the first time, it gets to annotate all the initial device node creations in
> >     a cleanish way so they're never exposed without credentials.
> >
> > yeah, from what i remember, that's roughly what the people who actually know
> > what they're talking about said that they'd need. but that's also what they
> > thought they wouldn't be able to get upstream in any realistically-spendable
> > amount of time.
>
> I don't suppose anyone ever roughed up a kernel patch?

not that i remember or could find any evidence of. given that we'd need a userspace component anyway, and already have a working one, it was unclear that it would bring anything but disruption, new bugs, and a bunch of time spent arguing with upstream over something we didn't really _need_ anyway.

see also https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02393.html (and the rest of the thread) for thoughts from someone who probably looked into it the most.
(and that thread also ends with "what's the practical benefit [of moving to devtmpfs]?" with no answer.)

> Rob
_______________________________________________
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net
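
The handshake proposed in the quoted message, modelled in userspace as an added example; it is not part of the thread and not kernel, Android or toybox code. Every name here (`create_node`, `daemon_reply`, `WATCHDOG_TICKS`, the rules table) is hypothetical, time is simulated in ticks, and the root-only 0600 fallback for unknown or unregistered cases is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

#define WATCHDOG_TICKS 3   /* assumed timeout, in simulated ticks */

struct cred { unsigned uid, gid, mode; };
struct daemon {
    int registered;        /* told the kernel to wait for its replies */
    int alive;             /* process is still running */
    int latency;           /* ticks it takes to answer one request */
};

/* Constructed policy table for the hypothetical daemon. */
static const struct { const char *name; struct cred cred; } rules[] = {
    { "null",   { 0, 0,    0666 } },
    { "video0", { 0, 1000, 0660 } },
};

/* Daemon side: fill *out and return ticks used, or -1 if no reply is sent. */
static int daemon_reply(const struct daemon *d, const char *name, struct cred *out)
{
    if (!d->alive)
        return -1;
    *out = (struct cred){ 0, 0, 0600 };          /* unknown device: root only */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strcmp(rules[i].name, name) == 0)
            *out = rules[i].cred;
    return d->latency;
}

/* Kernel side: 0 with *node filled in, or -1 when the watchdog fires. */
int create_node(const struct daemon *d, const char *name, struct cred *node)
{
    struct cred reply;
    if (!d->registered) {                        /* nobody opted in */
        *node = (struct cred){ 0, 0, 0600 };     /* assumed root-only default */
        return 0;
    }
    int ticks = daemon_reply(d, name, &reply);
    if (ticks < 0 || ticks > WATCHDOG_TICKS)
        return -1;                               /* fail closed: no node at all */
    *node = reply;
    return 0;
}

int main(void)
{
    struct daemon up = { 1, 1, 1 }, killed = { 1, 0, 1 };  /* killed: never deregistered */
    struct cred c;
    printf("running=%d killed=%d\n", create_node(&up, "video0", &c), create_node(&killed, "video0", &c));
    return 0;
}
```

In this model a daemon that is killed while still registered makes every later creation fail rather than produce a node without credentials, which is the denial-of-service-only outcome the quoted paragraph describes.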