From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0051.outbound.protection.outlook.com [104.47.2.51]) by dpdk.org (Postfix) with ESMTP id 0A8EE1B198 for ; Sun, 28 Jan 2018 10:04:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2EtIHJkHhaqbmiumifi1sZ5FRAhUKQI7XJ1O00bvz2A=; b=TU5UjgRBgzdCB57V0oEiYNqwLInsWpvI+pWtH92vZfTsVRwyUk99VOerDBhG4bB7tjUOdh9nyOJnmM1ChA4r4i9e/O4IxhOP8VGJt2O9j0gF2Q+X4BbZy6/M0M8nV7dWjzDgsUJ6AAd3RSMSPAkvNO07Iwie+FprYnZq8NJ1gYQ= Received: from VI1PR05MB3149.eurprd05.prod.outlook.com (10.170.237.142) by VI1PR05MB1214.eurprd05.prod.outlook.com (10.162.15.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.444.14; Sun, 28 Jan 2018 09:04:37 +0000 Received: from VI1PR05MB3149.eurprd05.prod.outlook.com ([fe80::cd00:54ee:63a8:937c]) by VI1PR05MB3149.eurprd05.prod.outlook.com ([fe80::cd00:54ee:63a8:937c%13]) with mapi id 15.20.0444.016; Sun, 28 Jan 2018 09:04:37 +0000 From: Shahaf Shuler To: Marcelo Ricardo Leitner , Adrien Mazarguil CC: =?iso-8859-1?Q?N=E9lio_Laranjeiro?= , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH v2 2/4] net/mlx4: spawn rdma-core dependency plug-in Thread-Index: AQHTlrClOaHolUiUpE+XIRIveZP+6KOH0n0AgAEoM/A= Date: Sun, 28 Jan 2018 09:04:36 +0000 Message-ID: References: <20180124223625.1928-1-adrien.mazarguil@6wind.com> <20180126141215.30395-1-adrien.mazarguil@6wind.com> <20180126141215.30395-3-adrien.mazarguil@6wind.com> <20180127150306.GH3494@localhost.localdomain> In-Reply-To: <20180127150306.GH3494@localhost.localdomain> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [31.154.10.107] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR05MB1214; 7:uBGX88U5B6Yb7+GLu0qWu8MRI4RWxZof4N6nUb+CHUFfcV3j3G227xMcf71Jn3tcxl2vlEm4YGwryZdquHcR5HzugKl5RdqTP0ZWCl3KSgiaxSZtc07XOlayuiG2qYIkCL/FInlB/WB6HF9Udyhu7R8DSQJv+v2CFI/Ss+RPuzCvF72GygJiuABsVUmaXkiVWp6EExpUO/2aoRHf4x/cbzCn9J+8TjipN8mbJWD3KWhggWPtYUO5lHMthyrjEEhi x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: d7f526ac-1701-4025-8289-08d5662e2821 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:VI1PR05MB1214; x-ms-traffictypediagnostic: VI1PR05MB1214: authentication-results: spf=none (sender IP is ) smtp.mailfrom=shahafs@mellanox.com; x-ld-processed: a652971c-7d2e-4d9b-a6a4-d149256f461b,ExtAddr x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(3231100)(2400081)(944501161)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041288)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:VI1PR05MB1214; BCL:0; PCL:0; RULEID:; SRVR:VI1PR05MB1214; x-forefront-prvs: 05669A7924 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(346002)(39860400002)(396003)(39380400002)(376002)(199004)(189003)(25786009)(106356001)(186003)(316002)(4326008)(14454004)(93886005)(2900100001)(81156014)(81166006)(8936002)(26005)(105586002)(97736004)(86362001)(478600001)(99286004)(66066001)(68736007)(5250100002)(3280700002)(53936002)(33656002)(7736002)(305945005)(9686003)(229853002)(8676002)(74316002)(76176011)(2950100002)(59450400001)(6506007)(7696005)(5660300001)(6116002)(3846002)(6436002)(55016002)(110136005)(54906003)(102836004)(6246003)(2906002)(3660700001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR05MB1214; H:VI1PR05MB3149.eurprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: Psbvot2ySyj1YfD4+T956BVX69Xi5V2k7IMjtgt7lX4DfLNxSDEXMplEFyF6plMUpWwZrleJn61ggtXH2pahvA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: d7f526ac-1701-4025-8289-08d5662e2821 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2018 09:04:36.9669 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR05MB1214 Subject: Re: [dpdk-dev] [PATCH v2 2/4] net/mlx4: spawn rdma-core dependency plug-in X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jan 2018 09:04:39 -0000 Hi Marcelo,=20 Saturday, January 27, 2018 5:03 PM, Marcelo Ricardo Leitner: > On Fri, Jan 26, 2018 at 03:19:00PM +0100, Adrien Mazarguil wrote: > ... > > +static int > > +mlx4_glue_init(void) > > +{ > > + char file[] =3D "/tmp/" MLX4_DRIVER_NAME "_XXXXXX"; > > + int fd =3D mkstemp(file); > ... > > + while (off !=3D mlx4_glue_lib_size) { > > + ssize_t ret; > > + > > + ret =3D write(fd, (const uint8_t *)mlx4_glue_lib + off, > > + mlx4_glue_lib_size - off); > > + if (ret =3D=3D -1) { > > + if (errno !=3D EINTR) { > > + rte_errno =3D errno; > > + goto glue_error; > > + } > > + ret =3D 0; > > + } > > + off +=3D ret; > > + } > > + close(fd); > > + fd =3D -1; > > + handle =3D dlopen(file, RTLD_LAZY); > > + unlink(file); >=20 > This is a potential security issue. There are no guarantees that the file > dlopen() will open is the file that was just written above. It could have= been > changed by something else in between. Can you further explain what are the potential risks you want to protect fr= om? I think this issue is not different from regular file protection under Linu= x.=20 If the DPDK process ran by root, then this approach is no less secure than = the previous version of the patches that dlopen the /usr/lib/libibverbs.so = and /usr/lib/libmlx5.so. root can also change them before the dlopen.=20 In fact in terms of security, root user can intentionally damage the system= in many other ways. If the DPDK process ran by regular user X, then the only users that are all= owed to modify the file created are user X and possibly root. Other users w= ill not have write permission to it. if the same user change this temporary file, then it damages itself only, a= s the DPDK process run by it will probably won't lunch.=20 >=20 > Marcelo