
Security requirements for new kernel features

Posted Jul 28, 2022 14:51 UTC (Thu) by khuey (guest, #158560)
Parent article: Security requirements for new kernel features

How is the situation here different from the situation with ioctls? Wouldn't security modules need to grok (or alternatively just ignore) every random ioctl command too?



Security requirements for new kernel features

Posted Jul 28, 2022 15:02 UTC (Thu) by magfr (subscriber, #16052)

I guess it is a question of an old and well known horror versus an entirely new horror.

In a perfect world all of the security stuff would be unnecessary but the world is sadly not perfect.

Security requirements for new kernel features

Posted Jul 28, 2022 22:51 UTC (Thu) by cschaufler (subscriber, #126555)

Security modules do have to deal with the hideousness of ioctls. SELinux introduces a sophisticated set of classes for them, but it's still somewhat wonky. Smack relies on the correct use of ioctl command conventions (_IOC) by the driver implementations, even though the reliability of that is at best questionable. Neither is especially satisfactory. That's one reason there's a flap over io_uring_cmd. The collective community has had the opportunity to learn the lesson. It's disappointing that we have to have this brouhaha over and over.
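The _IOC convention referred to in the comment above, as an added example that is not part of the thread and is not taken from any security module's source: a check that derives read/write access from the direction bits of an ioctl command number is only as accurate as the driver's encoding. The `EX_` names and `access_from_cmd()` are hypothetical, the bit layout is the asm-generic one (x86, arm64), and the sample commands are constructed apart from the legacy tty numbers `0x5401` (TCGETS) and `0x5402` (TCSETS).

```c
#include <stdio.h>

/* asm-generic ioctl command layout: nr:8 | type:8 | size:14 | dir:2.
 * Redefined with EX_ names (assumption: not the kernel's own macros) so the
 * block builds without kernel headers. Some architectures use another layout. */
#define EX_IOC_DIRSHIFT 30
#define EX_IOC_WRITE 1u /* userspace passes data in */
#define EX_IOC_READ  2u /* kernel passes data back */
#define EX_IOC(dir, type, nr, size) \
    (((unsigned)(dir) << EX_IOC_DIRSHIFT) | ((unsigned)(size) << 16) | \
     ((unsigned)(type) << 8) | (unsigned)(nr))

/* Access bits for the sketch (constructed for this example). */
#define EX_MAY_WRITE 2
#define EX_MAY_READ  4

/* Hypothetical policy hook: decide which access to check using only the
 * direction bits the driver encoded in the command number. */
int access_from_cmd(unsigned cmd)
{
    unsigned dir = (cmd >> EX_IOC_DIRSHIFT) & 3u;
    int mask = 0;

    if (dir & EX_IOC_WRITE)
        mask |= EX_MAY_WRITE;
    if (dir & EX_IOC_READ)
        mask |= EX_MAY_READ;
    return mask;
}

int main(void)
{
    /* Constructed commands that follow the convention, plus two legacy tty
     * commands whose numbers predate it and carry no direction bits. */
    struct { const char *name; unsigned cmd; } samples[] = {
        { "conventional read  (constructed)", EX_IOC(EX_IOC_READ,  'x', 1, 4) },
        { "conventional write (constructed)", EX_IOC(EX_IOC_WRITE, 'x', 2, 4) },
        { "TCGETS 0x5401, returns termios",   0x5401u },
        { "TCSETS 0x5402, changes termios",   0x5402u },
    };

    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-34s cmd=0x%08x mask=%d\n", samples[i].name,
               samples[i].cmd, access_from_cmd(samples[i].cmd));
    return 0;
}
```

Both tty commands come out with an empty mask even though one returns data and the other changes device state, so a direction-only check asks for neither read nor write access on them.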

