From: Panu Matilainen <pmatilai@redhat.com>
To: Thomas Monjalon <thomas.monjalon@6wind.com>,
Stephen Hemminger <stephen@networkplumber.org>
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v4 0/2] Add support for driver directories
Date: Thu, 3 Dec 2015 09:59:02 +0200 [thread overview]
Message-ID: <565FF646.8000006@redhat.com> (raw)
In-Reply-To: <4326350.y6KGzOFPTo@xps13>
On 12/03/2015 04:26 AM, Thomas Monjalon wrote:
> 2015-12-02 18:07, Stephen Hemminger:
>> On Thu, 12 Nov 2015 16:52:32 +0100
>> Thomas Monjalon <thomas.monjalon@6wind.com> wrote:
>>
>>>>> This mini-series adds support for driver directory concept
>>>>> based on idea by Thomas Monjalon back in February:
>>>>> http://dpdk.org/ml/archives/dev/2015-February/013285.html
>>>>>
>>>>> In the process FreeBSD also gains plugin support (but untested).
>>>>>
>>>>> v4: - introduce error-early behavior for invalid plugin paths
>>>>> - support directories via the existing -d option instead of adding new
>>>>>
>>>>> v3: - merge the first commits
>>>>>
>>>>> v2: - move code to eal/common
>>>>> - add bsd support
>>>>>
>>>>> Panu Matilainen (2):
>>>>> eal: move plugin loading to eal/common
>>>>> eal: add support for driver directory concept
>>>>
>>>>
>>>> checkpatch complains for some indent problem (Thomas, can you fix this ?),
>>>> but the rest looks good to me.
>>>>
>>>> Acked-by: David Marchand <david.marchand@6wind.com>
>>>>
>>>> Thanks Panu.
>>>
>>> Applied, thanks
>>
>> This patch introduces a new issue reported by Coverity.
>>
>> The root cause of the problem is that you are checking that it s a directory first with stat
>> then calling dlopen(). I malicious entity could get between the stat and the dlopen.
>
> I think it is a false positive.
> The aim of loading every files in the directory is out of a security scope IMHO.
>
Yes its a false positive. The security aspect relates to world-writable
directories and even in there the problem is usually "test for existence
before creation", this is neither (if somebody routinely loads their
critical device drivers from /tmp on a system they have bigger problems
than this)
If somebody changes a file to a directory or vice versa then the
consecutive readdir() or dlopen() on that entry will just fail, end of
story. And if somebody has the permission to change entries in that
directory they dont have to bother with trying to time their changes
between stat() and dlopen().
Sure it could just call dlopen() on everything and if it fails try
readdir() on it. Matter of style, I dislike blindly stumbling and
crashing when I can simply take a look to see whether its a door, a
window or a wall :)
- Panu -
next prev parent reply other threads:[~2015-12-03 7:59 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-25 11:58 [dpdk-dev] [PATCH " Panu Matilainen
2015-09-25 11:58 ` [dpdk-dev] [PATCH 1/2] eal: refactor plugin list append from eal_parse_args() to a helper function Panu Matilainen
2015-09-25 11:58 ` [dpdk-dev] [PATCH 2/2] eal: add support for driver directory concept Panu Matilainen
2015-09-25 12:35 ` [dpdk-dev] [PATCH 0/2] Add support for driver directories David Marchand
2015-09-25 13:00 ` Panu Matilainen
2015-10-14 10:41 ` Panu Matilainen
2015-10-14 11:55 ` David Marchand
2015-10-16 11:58 ` [dpdk-dev] [PATCH 0/5 v2] " Panu Matilainen
2015-10-16 11:58 ` [dpdk-dev] [PATCH 1/5] eal: refactor plugin list append from eal_parse_args() to a helper function Panu Matilainen
2015-10-16 11:58 ` [dpdk-dev] [PATCH 2/5] eal: refactor plugin init " Panu Matilainen
2015-10-16 11:58 ` [dpdk-dev] [PATCH 3/5] eal: move plugin loading to eal/common Panu Matilainen
2015-10-16 11:58 ` [dpdk-dev] [PATCH 4/5] eal: add an error code to plugin init for the next step Panu Matilainen
2015-10-16 12:59 ` Bruce Richardson
2015-10-16 13:14 ` Panu Matilainen
2015-10-16 13:38 ` Panu Matilainen
2015-10-21 8:14 ` Thomas Monjalon
2015-10-16 11:58 ` [dpdk-dev] [PATCH 5/5] eal: add support for driver directory concept Panu Matilainen
2015-10-16 12:57 ` [dpdk-dev] [PATCH 1/5] eal: refactor plugin list append from eal_parse_args() to a helper function Bruce Richardson
2015-10-16 13:07 ` Panu Matilainen
2015-10-21 8:29 ` [dpdk-dev] [PATCH 0/2 v3] Add support for driver directories Panu Matilainen
2015-10-21 8:29 ` [dpdk-dev] [PATCH 1/2] eal: move plugin loading to eal/common Panu Matilainen
2015-10-21 10:15 ` David Marchand
2015-10-21 10:54 ` Panu Matilainen
2015-10-21 11:09 ` David Marchand
2015-10-21 11:15 ` Bruce Richardson
2015-10-21 11:53 ` Thomas Monjalon
2015-10-21 12:07 ` Panu Matilainen
2015-10-21 8:29 ` [dpdk-dev] [PATCH 2/2] eal: add support for driver directory concept Panu Matilainen
2015-10-21 8:44 ` Thomas Monjalon
2015-10-21 9:43 ` Panu Matilainen
2015-11-10 14:28 ` [dpdk-dev] [PATCH v4 0/2] Add support for driver directories Panu Matilainen
2015-11-10 15:04 ` David Marchand
2015-11-12 15:52 ` Thomas Monjalon
2015-12-03 2:07 ` Stephen Hemminger
2015-12-03 2:26 ` Thomas Monjalon
2015-12-03 7:59 ` Panu Matilainen [this message]
2015-11-10 14:28 ` [dpdk-dev] [PATCH v4 1/2] eal: move plugin loading to eal/common Panu Matilainen
2015-11-10 14:28 ` [dpdk-dev] [PATCH v4 2/2] eal: add support for driver directory concept Panu Matilainen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=565FF646.8000006@redhat.com \
--to=pmatilai@redhat.com \
--cc=dev@dpdk.org \
--cc=stephen@networkplumber.org \
--cc=thomas.monjalon@6wind.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).