Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges

BUG: GPF in non-whitelisted uaccess (non-canonical address?) · syzbot <hidden> · 2018-11-11
Re: BUG: GPF in non-whitelisted uaccess (non-canonical address?) · syzbot <hidden> · 2018-11-14
Re: BUG: GPF in non-whitelisted uaccess (non-canonical address?) · David Herrmann <hidden> · 2018-11-14
Re: BUG: GPF in non-whitelisted uaccess (non-canonical address?) · Dmitry Vyukov <dvyukov@google.com> · 2018-11-14
Re: BUG: GPF in non-whitelisted uaccess (non-canonical address?) · Eric Biggers <ebiggers@kernel.org> · 2018-11-14
[PATCH] HID: uhid: prevent uhid_char_write() under KERNEL_DS · Eric Biggers <ebiggers@kernel.org> · 2018-11-14
Re: [PATCH] HID: uhid: prevent uhid_char_write() under KERNEL_DS · Dmitry Torokhov <hidden> · 2018-11-14
Re: [PATCH] HID: uhid: prevent uhid_char_write() under KERNEL_DS · Jann Horn <jannh@google.com> · 2018-11-14
[PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Eric Biggers <ebiggers@kernel.org> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Jann Horn <jannh@google.com> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Dmitry Torokhov <hidden> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Jann Horn <jannh@google.com> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Dmitry Torokhov <hidden> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Andy Lutomirski <luto@amacapital.net> · 2018-11-15
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Eric Biggers <ebiggers@kernel.org> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Dmitry Torokhov <hidden> · 2018-11-14
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Benjamin Tissoires <hidden> · 2018-11-15
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · David Herrmann <hidden> · 2018-11-15
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Andy Lutomirski <luto@amacapital.net> · 2018-11-15
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · David Herrmann <hidden> · 2018-11-15
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Andy Lutomirski <luto@amacapital.net> · 2018-11-15
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Jiri Kosina <jikos@kernel.org> · 2018-11-19
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · David Herrmann <hidden> · 2018-11-19
Re: [PATCH v2] HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · Jiri Kosina <jikos@kernel.org> · 2018-11-19
Re: [PATCH] HID: uhid: prevent uhid_char_write() under KERNEL_DS · Eric Biggers <ebiggers@kernel.org> · 2018-11-14

From: Jiri Kosina <jikos@kernel.org>
Date: 2018-11-19 13:26:16
Also in: lkml, stable

On Mon, 19 Nov 2018, David Herrmann wrote:

quoted

Thanks for the patch. I however believe the fix below is more generic, and
would prefer taking that one in case noone sees any major flaw in that
I've overlooked. Thanks.

As Andy rightly pointed out, the credentials check is actually needed.
The scenario here is using a uhid-fd as stdout when executing a
setuid-program. This will possibly end up reading arbitrary memory
from the setuid program and use it as input for the hid-descriptor.

Ah, right, that's a very good point indeed; I've overlooked that (valid) 
concern in the thread. Thanks for spotting that, Andy.

I've now applied Eric's patch. Thanks everybody,

-- 
Jiri Kosina
SUSE Labs

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help